Oracle Corp. shouldย adopt a more stringent development process akin to that of Microsoft Corp. in order to deal with patch problems that have been plaguing the Santa Clara, Calif-based software and database management company, according to several security experts.
Java issued an emergency security patch to update Java 7 and stop the zero-day exploit. The patch, however, failed to prevent two new vulnerabilities which enable attackers to control computers using the software.
Java patch problems remain says researchers
U.S. says Java should be disabled
Malware targets Java HTTP servers
Oracleโs inability to decisively deal with the problem indicates that the companyโs security policies are โbrokenโ according to security experts interviewed by Computerworld.com. One of them said it illustrates that Oracleโs three-times-a-year Java patch does not adequately protect the softwareโs users.
The experts suggested that Oracle adopt something akin to Microsoftโs Security Development Lifecycle. The SDL involves regular code reviews during the development of a product and built-in practices to reduce vulnerabilities during the design phase.