New Java Flaw Found
Oracle now knows what it feels like to be Microsoft. Security experts are constantly finding flaws in Microsoft software and telling the world all about them.
Well, last week Oracle thought it had fixed a well-publicized problem in Java, one that had some advising end users to just stop using Java altogether. Instead of offering a round of applause, researchers told the world of a flaw found inside the supposedly fixed version.
Fortunately, the researchers had the good sense to hold off publishing actual details of the flaw until Oracle has a "proof of concept" fix.
My question is, why publish them then? Not all machines will be patched with this proof of concept fix. Any idiot can take what the researcher publishes and attack unpatched machines.
Am I missing something? If so, corrections readily accepted at firstname.lastname@example.org.
Posted by Doug Barney on 09/10/2012 at 1:19 PM