Friday Jan 25, 2013

Oracle Speaks up on Java Security

As many of you are keenly aware, there has been a veritable media firestorm around the recent Java vulnerability. As you know, the vulnerability pertains to Java on the browser, not server-side Java, desktop Java or emdedded Java. You may also have been frustrated with Oracle's relative silence on the issue.

Hopefully it comes as some relief that Oracle is now starting to openly speak up on the issue. The lead for Oracle Security Martin Smith and Doland Smith from the OpenJDK team very recently had a conference call with worlwide JUG leaders. The recordings of the meeting is available here. This was a frank two-way discussion with Java community leaders about Java security, bundled software installers, openness, communication and the technical/journalistic quality of recent press coverage in some venues. As Donald and Martin indicate on the call, we can expect this to be the tip of the iceberg of what will be done on the Java Security and communication fronts.

You are encouraged to participate in this crucial dialog and provide your feedback.

John Spragge offers his opinions on these very issues in his intelligent, insightful blog post: A passionate defence of Java's virtues. It is well worth a read if you are a fan of GlassFish, Java EE or Java.