OpenJDK may tackle Java security gaps with secretive group

By | August 28th, 2017

The private group would tackle code vulnerabilities that currently are handled without coordination—or not at all

The proposed OpenJDK (Java Development Kit) Vulnerability Group would provide a secure, private forum in which trusted members of the community receive reports on vulnerabilities in code bases and then review and fix them. Coordinating the release of fixes also would be part of the group’s mandate. (Java SE, the standard edition of Java, has been developed under the auspices of OpenJDK.)

The vulnerability group and Oracle’s internal security teams would work together, and the group may occasionally need to work with external security organizations.

The group would be unusual in several respects, and thus requires an exemption from OpenJDK bylaws. Due to the sensitive nature of its work, membership in the group would be more selective, there would be a strict communication policy, and members or their employers would need to sign both a nondisclosure and a license agreement, said Mark Reinhold, chief architect of the Java platform group at Oracle.

Nisheeth Bhakuni