This week's giveaway is in the Spring forum.
We're giving away four copies of REST with Spring (video course) and have Eugen Paraschiv on-line!
See this thread for details.
The moose likes General Computing and the fly likes Java tops kaspersky top 10 vulnerability list Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of REST with Spring (video course) this week in the Spring forum!
JavaRanch » Java Forums » Engineering » General Computing
Bookmark "Java tops kaspersky top 10 vulnerability list " Watch "Java tops kaspersky top 10 vulnerability list " New topic

Java tops kaspersky top 10 vulnerability list

james stan

Joined: Oct 13, 2012
Posts: 25
Link for Article

Now MS had .NET platforms available for a long time but they[MS frameworks] seem to be more secure . I am curious but does making frameworks open source make it difficult to control its progress and making them more secure?
Campbell Ritchie

Joined: Oct 13, 2005
Posts: 45277
Don’t know. For a long time Windows® would have been high up that list, and that has never been open source. They did go on about people using old unpatched software; there was a notorious vulnerability in JDK7, which was fixed I think in 7u3.
Paul Clapham

Joined: Oct 14, 2005
Posts: 19850

According to one theory, open-source projects are less likely to have security exploits, or bugs in general, because there are "many eyes" on the code and people will see the problems and fix them.

However that theory presupposes that (a) problems are easy to see (b) there are in fact many people looking at the code (c) bugs will be repaired quickly and new versions published quickly. This may not apply to Java.

Another quibble with the original question: as I understand it the recent security exploits involve the JIT compiler feature of the JVM. Is that in fact open source?
subject: Java tops kaspersky top 10 vulnerability list
It's not a secret anymore!