In a call made publicly available by Oracle, the leaders of the Java development group took up the issue of what’s wrong with Java today.
“We have to fix Java, and we have been doing that,” Oracle Java security lead Milton Smith said during the call.
Smith highlighted the new security slider that debuted in the 7u10 release as a positive step forward. He also identified the core focus of his team’s security efforts.
“A lot of the things we’re looking at focus on Java in the browser,” Smith said. “That’s where we have seen most of the weakness with Java, and that is the concern we are targeting.”
While Smith aimed to strike a positive tone about the future direction of Java security, those in the security research community are not as optimistic. HD Moore, CSO of Rapid7 and chief architect of the Metasploit framework, told eSecurity Planet that in his view Smith did not inspire any confidence that Oracle was on the right track or applying the right resources to the problem.