A series of Java security incidents in 2013 exposed Oracle's lax approach to Java security, which seriously threatened the survival of the Java language. Yesterday Oracle announced that it will increase its investment in Java security.
In a post on its official blog yesterday, titled "Maintaining Java security is a top priority for Oracle", Oracle said it will increase its investment in the security of the Java language and listed specific implementation steps.
Oracle said that security patches will be released every quarter starting from January. It also promised to respond quickly to security issues in the future and to detect vulnerabilities in a timely manner with automated security testing tools, so that they do not enter the code base.
Nandini Ramani, Oracle's Java software development leader, wrote in the Oracle official blog:
The company has completed some product security improvements to provide more security control to end users.
Ramani said that the recent exposure of Java browser vulnerabilities has attracted the attention of enterprises running Java on servers, and that Oracle has released a separate Server JRE distribution.
The industry's anxiety about Java security began last year, when Oracle spent several months fixing a single Java security vulnerability. With such a slow response, keeping Java secure was impossible. The consequences of Oracle's lack of investment in Java security began to emerge in 2013, when a series of Java security incidents left Oracle unable to ignore the problem.
In January 2013, a newly discovered Java vulnerability allowed attackers to install botnet malware or steal user information through the Java plug-in in any user's browser. At that time, the U.S. Department of Homeland Security (DHS) and Apple even issued a memorandum urging everyone to stop using Java. Oracle then released a patch, but the Department of Homeland Security was very dissatisfied with it and did not consider it a fundamental solution.
After being attacked through a Java vulnerability in February, Facebook decided in a public vote to disable Java. Microsoft and Apple (Editor's note: Flashback Trojan) both suffered similar attacks, and Apple immediately blacklisted Java and prohibited its use on the OS X platform.
In the end, Oracle released an emergency Java update in May, followed by patches for 42 security vulnerabilities in May.