Secure Coding mailing list archives

Re: Java: the next platform-independent target


From: "Kevin W. Wall" <kevin.w.wall () gmail com>
Date: Mon, 25 Oct 2010 19:37:18 -0400

On 10/25/2010 04:26 AM, Martin Gilje Jaatun wrote:
> On 2010-10-22 04:51, Kevin W. Wall wrote:
>> In a large part, I think that people fail to patch Flash or Acrobat
>> Reader for the same reason they forget about Java...out of sight, out of
>> mind.* I think they believe that Windows Update solves (or should solve)
>> *all* their patching needs.  I think many of the Linux distros have it
>> right in that respect...one-stop patching pretty much for whatever you
>> have installed from your Linux provider's distribution channel.
>
> There are third-party vendors who do offer this as a service to Windows
> users - I know about the Danish company Secunia and their Corporate
> Software Inspector (CSI) service; there may be others out there.

That's true, I think BigFix is another (no endorsement intended),
but 1) these services are not obvious / trivial to locate and
evaluate for reliability, and 2) more importantly, why should a
general user have to trust yet another party? Look how many folks
get misled into downloading fake AV software to protect their
supposedly infected PC. If they are not discerning enough to know
that, would they be any better with judging the reputation of
these other companies that might offer total patching as a service
similar to Secunia's service? I personally think that's doubtful.

-kevin
--
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME
_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

