ISC Handler Rob V pointed out a blog post from Oracle’s Mark Reinhold stating that Oracle has “mounted an intense effort to address those issues in a series of critical-patch update releases” and that they’ve also upgraded their “development processes to increase the level of scrutiny applied to new code, so that new code doesn’t introduce new vulnerabilities.”
Framing statements state that Oracle:
- is committed to continue fixing security issues at an accelerated pace
- will enhance the Java security model
- will introduce new security features
- recoginizes that more engineer hours are required than can be freed up by dropping features from Java 8 or otherwise reducing the scope of the release at this stage
As such, the likely release of Java 8 will be in the first quarter of 2014 (had been intended for September 2013).
Read the full article for yourself here: http://mreinhold.org/blog/secure-the-train