Critical Java SE Update Due Tuesday (June 18, 2013) Fixes 40 Flaws

HardOCP ^ | 7:37 AM (DST) June 15, 2013 | Posted by Al

[Ernest_at_the_Beach]

It’s a clear case of Patch Tuesday envy that drives Oracle to release so many security patches. There’s no way Java could need that many critical updates. This one will get your attention with critical patches addressing 40 vulnerabilities.

Oracle ordinarily releases Critical Patch Updates four times a year on a set schedule, but this will already be the fourth such update issued in 2013.

[Ernest_at_the_Beach]

fyi

[ptsal]

How much revenue is generated for each patch...There has to be a money-based incentive.

Anyone know the $$$ involved?

[winner3000]

I don’t think they make a penny off patches. However, if they don’t do them, the vulnerabilities will be used by criminals, and people will stop using their software.

[LibLieSlayer]

NSA rootkit 12.7

[Jyotishi]

Obama spying, NSA action?

[null and void]

When the government tells you to patch in back doors immediately or else!, you can't wait for the next scheduled quarterly update.

[ShadowAce]

[GeronL]

That is a lot of flaws

[expat1000]

Thanks for the ping.

[ptsal]

C'mon... I just cannot understand the economics of Java and the repeated patches.

Somewhere there is cash flow....

How does it work?

[Betis70]

Application servers, database support, networking equipment.

Basically getting people on your development ecosystem and not Microsoft’s or some other open source tech stack (Ruby, JavaScript/JQuery/Node, Php/MySql, etc.). If your programming language and runtime (in Java’s case) is full of security holes, people start leaving your ecosystem. Or at the very least new startups or applications don’t even consider it.