Link Details


By dotCore
via threatpost.com
Published: Mar 06 2013 / 08:12

Giving a prolific bug hunter an excuse to go poking deeper into a potential security issue generally doesn’t end well for the vendor in question—in this case Oracle. Polish security firm Security Explorations, noteworthy for its Java security research, said today it reported five new vulnerabilities in Java SE 7 to Oracle. If combined, researcher Adam Gowdiak said, they can be used to gain a complete bypass of the Java sandbox.

Comments


mheath replied ago:

1 vote

"Giving a prolific bug hunter an excuse to go poking deeper into a potential security issue generally doesn’t end well for the vendor in question." How does this not end well? In the end, 5 problems were found and now they can be fixed. You can't fix a problem that you don't know about. In the end, this is good for the vendor because their product will be better. In the short term, it's not good because of the bad publicity.
