Oracle reveals plans to make Java more secure

Java is one of the most widely used programming languages, with a user base of more than 10 million worldwide. Launched in 2012 by James Gosling at Sun Microsystems, it was later acquired by Oracle in January 2010.


Of late, however, over the last few years or so, Java has faced issues with security, primarily with its running in web servers. To address this, Oracle recently revealed various measures to beef up the security of Java.

In a recently published post on the Oracle Software Security Assurance Blog, Nandini Ramani, lead of the software development team building the Java platform, assured users, saying:

“Whenever Oracle makes an acquisition, acquired product lines are required to conform to Oracle policies and procedures, including those comprising Oracle Software Security Assurance.  As a result, for example, the Java development organization had to adopt Oracle’s Security Fixing Policies, which among other things mandate that issues must be resolved in priority order and addressed within a certain period of time”

As part of Oracle’s strategy to fix Java’s security issues, since April 2012 it has released a total of 155 (58 in 2012 + 97 in the first half of 2013) security fixes. The release dates are listed below.

  • February 2012 Critical Patch Update for Java SE
  • June 2012 release
  • October 2012 release
  • February 2013 security releases
  • April 2013 Critical Patch Update for Java SE

Also, from October 2013, Java security fixes will be released 4 times annually under the Oracle Critical Patch Update schedule along with all other Oracle products.

Focus on Java through series of measures

Rather than depending on security fixes alone, Oracle has planned several other measures to take care of Java’s security issues. It sees the following as part of its security plan.

  1. Implementation of Oracle Software Security Assurance policies
  2. Product enhancements such as JDK 7 Update 2, JDK 7 Update 6, JDK 7 Update 10 and JDK 7 Update 21.
  3. Addressing the security implications of the wide Java distribution mode.
  4. Removing plugins from the Server JRE distribution to reduce the attack surface.
  5. Improving the manageability of Java in enterprise deployments.

With the help of the above, Oracle intends to address the vulnerability issues in Java effectively. As users, we appreciate this move by Oracle and hope that its plans succeed so that we have a secure Java on our PCs.

Read the full assurance from Oracle here.

Ankit Gupta is a writer by profession and has more than 7 years of global writing experience on technology and other areas. He follows technological developments and likes to write about Windows & IT security. He has a deep liking for wild life and has written a book on Top Tiger Parks of India.
