Following Oracle’s announcement regarding Java Plugins, Tod Beardsley, security engineering manager, Rapid7 have the following comments on it.
[su_note note_color=”#ffffcc” text_color=”#00000″]Tod Beardsley, Security Engineering Manager, at Rapid7 :
“Companies are urged to take Oracle’s announcement seriously and start efforts to transition to Java Web Start (a plugin-free Java technology), or other alternative, sooner rather than later. Just like when Microsoft stopped support for Windows XP, we can’t expect that the end of support for Java plugins will instantly eradicate the applications that rely on it. While Java plugins have fallen out of favour on the general, public Internet, there are still plenty of internal networks that need Java plugins to run their internal applications.
Of course, we cannot expect Oracle to support Java plugins forever, but the transition period between Oracle’s announced deprecation schedule and the actual re-engineering work that companies will have to complete to use an alternative may be challenging, potentially including newly discovered vulnerabilities. Organisations working through this transition should be extra vigilant, as anyone currently sitting on an undisclosed vulnerability for this technology will be motivated to use it now — before the majority of companies have switched over.”[/su_note]
[su_box title=”About Rapid7″ style=”noise” box_color=”#336588″]Rapid7 security data and analytics software and services help organizations reduce the risk of a breach, detect and investigate attacks, and build effective IT security programs. With comprehensive real-time data collection, advanced correlation, and insight into attacker techniques, Rapid7 strengthens an organization’s ability to defend against everything from opportunistic drive-by attacks to advanced threats. Unlike traditional vulnerability management and incident detection technologies, Rapid7 provides visibility, monitoring, and insight across assets and users from the endpoint to the cloud. Dedicated to solving the toughest security challenges, Rapid7 offers proprietary capabilities to spot intruders leveraging today’s #1 attack vector: compromised credentials. Rapid7 is trusted by more than 3,700 organizations across 90 countries, including 30% of the Fortune 1000.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.