Wednesday, May 09, 2007

Java Security Traps Reportedly Getting Worse

Lisa Vaas writes on eWeek:

A year ago at JavaOne, Fortify Software Founder and Chief Scientist Brian Chess gave a presentation titled "12 Java Technology Security Traps and How to Avoid Them."

A year later, how far have we come in addressing those inherent vulnerabilities, which include XSS (cross-site scripting), SQL injection and native methods that allow the import of C or C++ code—along with its bugs? Not a smidge—unless you count going backwards.

It's gotten worse, Chess said in an interview with eWEEK, "and I've got evidence to prove it."

Fortify, which markets source-code analysis technology, has access to a large database of common Java programming errors and vulnerabilities, gleaned not only from its customers but also from a year of running the Java Open Review project.

More here.
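The excerpt names the traps but does not show their shape. The following Java example is added here as an illustration and is not code from the eWeek article, from Fortify, or from the blog; it shows two of the three traps named above, SQL injection and XSS, as the vulnerable pattern beside its fix. The `users` table, its column names and the sample inputs are constructed for the example; the two JDBC methods take whatever `Connection` the application already obtains from its data source, and `main` exercises only the parts that run without a database.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/**
 * Two of the Java traps named in the post, each shown as the
 * vulnerable pattern next to its fix. Added illustration only;
 * the table and column names are constructed, not taken from any
 * real application.
 */
public class JavaTraps {

    // TRAP: SQL injection. The user's input is concatenated into the
    // query text, so any quote character in the input changes the SQL.
    static ResultSet findUserVulnerable(Connection conn, String username) throws SQLException {
        Statement st = conn.createStatement();
        String sql = "SELECT id, email FROM users WHERE name = '" + username + "'";
        return st.executeQuery(sql);
    }

    // FIX: a PreparedStatement sends the query text and the value
    // separately; the driver never reinterprets the value as SQL.
    static ResultSet findUserSafe(Connection conn, String username) throws SQLException {
        PreparedStatement ps = conn.prepareStatement("SELECT id, email FROM users WHERE name = ?");
        ps.setString(1, username);
        return ps.executeQuery();
    }

    // TRAP: XSS. Reflecting user input into HTML unchanged lets any
    // markup in that input run in every visitor's browser.
    static String greetVulnerable(String name) {
        return "<p>Hello, " + name + "</p>";
    }

    // FIX: encode the characters HTML treats specially before the value
    // reaches the page. A library encoder (for example the OWASP Java
    // Encoder) covers more contexts; this is the minimal HTML-body version.
    static String htmlEncode(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    static String greetSafe(String name) {
        return "<p>Hello, " + htmlEncode(name) + "</p>";
    }

    public static void main(String[] args) {
        // Constructed inputs: a legitimate name containing an apostrophe,
        // and a name containing HTML markup.
        String apostrophe = "O'Brien";
        String markup = "<b>ferg</b>";

        // A plain apostrophe already breaks the concatenated query; that is
        // the same mechanism an injection abuses, and the prepared form is
        // immune because the value never becomes part of the SQL text.
        System.out.println("Concatenated SQL: SELECT id, email FROM users WHERE name = '" + apostrophe + "'");
        System.out.println("Prepared SQL:     SELECT id, email FROM users WHERE name = ?   [param 1 = " + apostrophe + "]");

        System.out.println("Reflected raw:    " + greetVulnerable(markup));
        System.out.println("Reflected safe:   " + greetSafe(markup));
    }
}
```

Compile and run with `javac JavaTraps.java && java JavaTraps`; the two `find*` methods compile against the JDK's own `java.sql` interfaces and are only invoked once the application supplies a real connection. The third trap the excerpt mentions, native methods pulling in C or C++ code, has no fix of this shape: a JNI call moves the memory-safety burden back onto the native code, so the only mitigations are auditing that code or avoiding the native call.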

Note: I agree: Java and JavaScript, while "enabling the Web 2.0 revolution", are also making the Internet a much more dangerous place. - ferg
