Oracle releases 127 security fixes, 51 for Java alone

<i>I heard that Oracle won the America&#x27;s Cup recently which leads me to give them some unsolicited advice.</i><p><i>Put the award on the shelf in your lobby, sell the ten million dollar boat and hire the engineers needed to update the Java patch cycle to monthly with the spare cash.</i><p><i>3+ billion devices will thank you.</i><p>Spot on. Working with their products on a daily basis, I just get the feeling that Oracle doesn&#x27;t really give a shit about anything other than that god damned boat.

I was reading this FUD whitepaper just a while back, in which they are saying OSS is unsuitable for enterprises, unscalable, untested, insecure, etc. <a href="http://www.oracle.com/us/products/middleware/cloud-app-foundation/weblogic/dod-and-open-source-software-2012277.pdf" rel="nofollow">http:&#x2F;&#x2F;www.oracle.com&#x2F;us&#x2F;products&#x2F;middleware&#x2F;cloud-app-found...</a><p>And then this.

They would gain a bit more respect by getting rid of the Ask toolbar option from the Java installer. Wonder if they actually make any significant money from that garbage.

Did I understand the article correctly...Oracle releases lots of security fixes, and the author is _critical_ of this?

(Mac OSX): Can anyone explain why &#x27;java --version&#x27; still produces java version &quot;1.7.0_17&quot; even though I&#x27;ve updated?<p>EDIT: Solved. Including this in case anyone runs into it. There are apparently two update mechanisms in OSX (1) From within System Preference-&gt;Java Control Panel and (2) By downloading the java file manually from Oracle.<p>I ran the update &quot;1&quot; from control panel and said system had been updated to U45, but command line didn&#x27;t reflect that.<p>After manually downloading and installing JDK from Oracle command line now reflects &quot;1.7.0_45&quot;.<p>I have no idea why this half-baked situation exist, but evidently its how it works....?

Could someone explain why Applets&#x2F;Webstart is so insecure? I know that JRE itself isn&#x27;t really bad, it&#x27;s the web-plugin for Java that has security vurnabilities. But how so?

Every time there is a report for Java security exploits, I would like to see bug listings from other compiler runtimes, specially C and C++ ones.

&gt; <i>&quot;51 security vulnerabilities are addressed in Java this quarter, and 50 of them affect Java Applets or Java WebStart, the plugin that runs Java in your web browser. Worse yet, all but one are remotely exploitable without authentication.&quot;</i><p>I wonder is that&#x27;s just where all the cruft is, or if Oracle is getting serious about webstart?

Are all of these Java vulnerabilities lately recently introduced or just recently discovered?