
TIP OF THE WEEK: Oracle Java: Consider security risks!

Every week we share our expert TIP with you.
#8: Oracle Java: Consider security risks!

Java is one of the pieces of the "Security" puzzle and if the Java environment is not secure, your security challenges cannot be solved completely.

To identify and rate risks related to Oracle Java software, preferably use the Common Vulnerability Scoring System (CVSS), because:

 

  • It is a free and open industry standard for assessing the severity of computer system security vulnerabilities;
  • It is being used as a framework for rating the severity of security vulnerabilities in software;
  • It uses an algorithm to determine the severity rating score, which may vary from 0 to 10, with 10 being the most severe.



Source: https://searchsecurity.techtarget.com/definition/CVSS-Common-Vulnerability-Scoring-System
Source: www.oracle.com

As the pictures above show, a fair number of security vulnerabilities have been identified in different Oracle Java versions:

  • Oracle Java versions 6 and 7 (outdated versions) score high on the CVSS rating;
  • The same applies to Oracle Java version 8. Moreover, it is no longer possible to receive any support from Oracle for critical problems;
  • New public versions of Oracle Java do not have access to the latest security patches and bug fixes after 6 months.
     

Furthermore: 
Security risks may cause unacceptable privacy risks and could have financial consequences under GDPR, such as fines for not complying with these laws and regulations.
On top of that, there is also a potential financial risk when downtime occurs due to security vulnerabilities, for example because of being hacked or a forced shutdown after a GDPR violation.

Our Oracle experts can help you determine possible security issues related to Oracle Java products. Give us a call now, and find out whether you are at risk!
 

Softline Solutions | Keywords: Oracle, Cybersecurity, Java