Microsoft has published volume 10 of its Security Intelligence Report, which provides perspectives on software vulnerabilities, software vulnerability exploits, malicious and potentially unwanted software, and security breaches in both Microsoft and third-party software. Microsoft found that vulnerabilities in applications, as opposed to operating systems or web browsers, continued to account for a large majority of all vulnerabilities in 2010, although the total number of application vulnerabilities declined 22.2 percent from 2009. The exploitation of Java vulnerabilities sharply increased in the second quarter of 2010 and surpassed every other exploitation category that the MMPC (Microsoft Malware Protection Center) tracks, including generic HTML/scripting exploits, operating system exploits, and document exploits.
This is the one case where I think that Microsoft knows what it's talking about. After all, who better to lecture people on security breaches than a company that is known for ignoring security?
Edited 2011-05-18 02:58 UTC
More than a competence issue, I would wonder if MS is shading results to fit their own purposes. They have a vested interest in saying the problems lie with other companies' apps, rather than Windows, IE, or their own infrastructural software.
“The exploitation of Java vulnerabilities sharply increased in the second quarter of 2010”
– Minecraft.
One of Java's security strong points is that it runs on the JVM (Java virtual machine). It is designed and supposed to be one of the safest programming platforms.
Where does the problem lie?
1. Third-party program vulnerabilities (Java programmers)
2. Java itself
3. Consumers not updating Java.
I don’t run Java myself, and this is just one of the reasons why. Flash is sort of a ‘necessary evil’, since a lot of the web uses it. Fortunately, Java is not, at least for me. I don’t run any apps that use it.
fran,
“One of Java's security strong points is that it runs on the JVM (Java virtual machine). It is designed and supposed to be one of the safest programming platforms.
Where does the problem lie?
1. Third-party program vulnerabilities (Java programmers)
2. Java itself
3. Consumers not updating Java.”
I’d like to know too. If it hadn’t been killed by Microsoft, Java would be the ideal platform for running highly interactive/intensive apps inside (or outside) the browser on demand.
Of course, supporting such powerful apps in the browser destroys the business case for mobile walled gardens.
Java was a wonderfully innovative platform; maybe in a world not dominated by overreaching control freaks, it would have flourished.
Anyways, the report would be informative if it wasn’t so annoyingly vague.