The Month of Java Bugs

The Month of Java Bugs, with its subtitle "a really black coffee in May", is causing no small amount of concern among Java developers. But the initiative looks really promising. So, on May 1st, tune in to this page to discover the new disclosures for this extremely widespread language. Full Disclosure, of course!

Two years after the Month of PHP Bugs the same crew is now running the Month of Java Bugs. In days where more and more Security Researchers join the nomorefreebugs campaign this initiative is an effort to improve the security of Java for free. During May 2009 new security vulnerabilities in the JVM and the Java SDK will be disclosed on a day by day basis.

  • Is this an attack, revenge, conspiracy or some kind of evil plot against Java?
  • Not at all. We strongly believe that disclosing vulnerabilities in software is actually very helpful and not an attack at all.

  • What kind of security bugs will be covered?
  • We will report different classes of security bugs. From simple denial of service bugs to potential remote code execution vulnerabilities.

  • Are Java web applications also a target of this initiative?
  • Not exactly. We will offer Java web application bugs as bonus bugs through the months.

  • Does the Java Security Response Team know about these issues?
  • No, every single vulnerability disclosed will be news to them...

  • Does "someone" pay, sponsor or support this? Is this initiative influenced in order to spread FUD over competitor's products?
  • This initiative is sponsored by the Month of PHP Bugs crew. We like Java and therefore we are not interested in spreading FUD about it. We think that both Java and PHP have their own reasons to exist.

  • Why do you provide exploit code, isn't that irresponsible?
  • Exploit code is provided because on the one hand some people do not believe that a vulnerability is exploitable (maybe because their attempts failed) and on the other hand the lack of exploit code that tests for a certain vulnerability is the major reason why vulnerabilities are sometimes not correctly fixed or why the same bugs are later reintroduced.

  • Is this initiative affiliated with MOAB, MOKB, MOBB, MOPB?
  • This initiative is by the same people behind the Month of PHP Bugs (MOPB).
