Secure Coding mailing list archives
Re: Java: the next platform-independent target
From: "Kevin W. Wall" <kevin.w.wall () gmail com>
Date: Mon, 25 Oct 2010 19:37:18 -0400
On 10/25/2010 04:26 AM, Martin Gilje Jaatun wrote:
On 2010-10-22 04:51, Kevin W. Wall wrote:In a large part, I think that people fail to patch Flash or Acrobat Reader for the same reason they forget about Java...out of sight, out of mind.* I think they believe that Windows Update solves (or should solve) *all* their patching needs. I think many of the Linux distros have it right in that respect...one-stop patching pretty much for whatever you have installed from your Linux provider's distribution channel.There are third-party vendors who do offer this as a service to Windows users - I know about the Danish company Secunia and their Corporate Software Inspector (CSI) service; there may be others out there.
That's true, I think BigFix is another (no endorsement intended), but 1) these services are not obvious / trivial to locate and evaluate for reliability, and 2) more importantly, why should a general user have to trust yet another party? Look how many folks get mislead into downloading fake AV software to protect their supposedly infected PC. If they are not discerning enough to know that, would they be any better with judging the reputation of these other companies that might offer total patching as a service similar to Secunia's service? I personally think that's doubtful. -kevin -- Kevin W. Wall "The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents." -- Nathaniel Borenstein, co-creator of MIME _______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
Current thread:
- Java: the next platform-independent target Benjamin Tomhave (Oct 20)
- Re: Java: the next platform-independent target ljknews (Oct 20)
- Re: Java: the next platform-independent target James Manico (Oct 21)
- Re: Java: the next platform-independent target Steven M. Christey (Oct 21)
- Re: Java: the next platform-independent target Jim Manico (Oct 21)
- Re: Java: the next platform-independent target Kevin W. Wall (Oct 22)
- Re: Java: the next platform-independent target Martin Gilje Jaatun (Oct 25)
- Re: Java: the next platform-independent target Kevin W. Wall (Oct 26)
- Re: Java: the next platform-independent target Steven M. Christey (Oct 21)
- Re: Java: the next platform-independent target Steven M. Christey (Oct 24)
- Re: Java: the next platform-independent target Wall, Kevin (Oct 21)