Java is one of the most widely used programming languages, with a user base of more than 10 million worldwide. Launched in 2012 by James Gosling at Sun Microsystems, it was later acquired by Oracle in January 2010.
Of late, however, over the last few years or so, Java has faced security issues, primarily when running in web servers. To address this, Oracle recently revealed various measures to beef up the security of Java.
In a recently published post on the Oracle Software Security Assurance Blog, Nandini Ramani, lead of the software development team building the Java platform, assured users, saying:
“Whenever Oracle makes an acquisition, acquired product lines are required to conform to Oracle policies and procedures, including those comprising Oracle Software Security Assurance. As a result, for example, the Java development organization had to adopt Oracle’s Security Fixing Policies, which among other things mandate that issues must be resolved in priority order and addressed within a certain period of time”
As part of Oracle’s strategy to fix Java’s security issues, since April 2012 it has released a total of 155 security fixes (58 in 2012 + 97 in the first half of 2013). The releases are listed below.
- February 2012 Critical Patch Update for Java SE
- June 2012 release
- October 2012 release
- February 2013 security releases
- April 2013 Critical Patch Update for Java SE
Also, from October 2013, Java security fixes will be released 4 times annually under the Oracle Critical Patch Update schedule along with all other Oracle products.
Focus on Java through a series of measures
Rather than depending on security fixes alone, Oracle has planned several other measures to address Java’s security issues. It sees the following as part of its security plan.
- Implementation of Oracle Software Security Assurance policies
- Product enhancements such as JDK 7 Update 2, JDK 7 Update 6, JDK 7 Update 10, and JDK 7 Update 21.
- Addressing the security implications of the wide Java distribution model.
- Removing plugins from the Server JRE distribution to reduce the attack surface.
- Improving the manageability of Java in enterprise deployments.
With the help of the above measures, Oracle intends to address the vulnerability issues in Java effectively. As users, we appreciate this move by Oracle and hope that its plans succeed so that we have a secure Java on our PCs.
Read the full assurance from Oracle here.