PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
October 2012

Java security problems: Is disabling Java the answer?

Vulnerability management is a time consuming, complex process and the recent onslaught of attacks on Java hasn't made it any easier. To recap: In August, security researchers reported that attackers were actively exploiting zero-day vulnerabilities in Java. Oracle – not always the quickest on the draw when it comes to fixing flaws – actually released a patch pretty fast only to have security researchers uncover holes in it. All the Java security problems – and a growing track record of security snafus with the popular programming language -- led to calls from a number of security experts to disable Java. Tod Beardsley, Metasploit engineering manager at Rapid7, says that's simply sound advice. "For the Java browser plug-ins, users should disable Java. Unlike Flash, HTML5 or even PDF, it's not ubiquitous technology on the Web…Disabling unnecessary functionality is always good advice – doing so reduces your attack surface," he says. In the enterprise, however, shutting off Java is easier said than done. A number of common business ...

Access this PRO+ Content for Free!

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Features in this issue

Columns in this issue