This week's book giveaways are in the Refactoring and Agile forums.
We're giving away four copies each of Re-engineering Legacy Software and Docker in Action and have the authors on-line!
See this thread and this one for details.
Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Java tops kaspersky top 10 vulnerability list

 
james stan
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Link for Article

Now MS had .NET platforms available for a long time but they[MS frameworks] seem to be more secure . I am curious but does making frameworks open source make it difficult to control its progress and making them more secure?
 
Campbell Ritchie
Sheriff
Posts: 48452
56
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Don’t know. For a long time Windows® would have been high up that list, and that has never been open source. They did go on about people using old unpatched software; there was a notorious vulnerability in JDK7, which was fixed I think in 7u3.
 
Paul Clapham
Sheriff
Pie
Posts: 20771
30
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
According to one theory, open-source projects are less likely to have security exploits, or bugs in general, because there are "many eyes" on the code and people will see the problems and fix them.

However that theory presupposes that (a) problems are easy to see (b) there are in fact many people looking at the code (c) bugs will be repaired quickly and new versions published quickly. This may not apply to Java.

Another quibble with the original question: as I understand it the recent security exploits involve the JIT compiler feature of the JVM. Is that in fact open source?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic