Java by numbers

A lot has been written about how bad Java is from a security perspective. Specifically, if you have Java enabled in your browser, well, you're going to get pwned (unless you have some compensating controls). If your business requires Java to be enabled in browsers for certain applications to work, then having the latest version installed is a good start, whilst not being the only compensating control that should be used.

I've been looking at Java recently and wanted to know more precisely how much risk it posed. So I pulled together the number of vulnerabilities related to applets and web start applications (i.e. Rich Internet Applications) that have been discovered over the last couple of years. You can see the numbers on my page Java Vulnerabilities. It makes for scary reading.

