Milton Smith,
Senior Principal Security Program,
Java Platform Group
Security remediation, features, highlights.
Threat landscape, defensive measures, security features.
Remediation:
Security features highlights:
- Critical Patch Update (CPU).
- Security alert hotfix, for fixes that can't wait.
- New Java 7 features:
  - Disable Java.
  - "Best before" date to update.
  - Security slider, secure vs. risk. Because of exploits, remove the low and custom security levels.
  - Signing for sandboxed apps, with privileges separate.
  - Standardize CRL revocation.
  - Repurposing of JARs, so lock JARs to specific servers.
  - Java malware, so whitelisting for enterprises and partners using a deployment ruleset.
  - Warning when the JRE is out of date, with disabling.
  - Improved uninstaller.
  - Malware, so code signing is the default for applets. Consumer-based support for legacy applets.
- New Java 8 features:
  - All of the Java 7 features.
  - TLS 1.2 as default transport encryption.
  - Enhanced revocation services with caching.
  - Static analysis tool for dependencies (3rd-party analysis).
  - Type annotations, @readonly, etc. String tainting tool.
  - TLS extension for cloud use, 1 IP to multiple servers.
- Slow to upgrade or patch is best for production. Exploiters have patched vulnerabilities.
- Hackers need your code. Not true, probably would be confusing.
- Attackers are gifted. They're like engineers, some gifted, some not.
- Never a security incident = secure. Need to know the threat landscape. Fix the ones that matter.
- Security and compliance are the same.
- Security is impossible. Do your best.
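The Java 7 notes above on separating sandboxed from privileged signed apps and on locking JARs to specific servers can be checked from the defender's side by reading the JAR manifest. This is an added example, not code from the talk; it assumes those two notes refer to the `Permissions` and `Codebase` manifest attributes, and the helper names and sample manifests are constructed for illustration.

```python
import io
import zipfile

def build_jar(manifest_text):  # constructed JAR holding only this manifest
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest_text)
    return buf.getvalue()

def main_attributes(jar_bytes):
    """Parse the main section of META-INF/MANIFEST.MF into a dict."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        if "META-INF/MANIFEST.MF" not in jar.namelist():
            return {}                 # no manifest at all
        raw = jar.read("META-INF/MANIFEST.MF").decode("utf-8")
    attrs, last = {}, None
    for line in raw.splitlines():
        if not line:                  # a blank line ends the main section
            break
        if line.startswith(" ") and last:
            attrs[last] += line[1:]   # continuation of a wrapped value
        elif ":" in line:
            name, _, value = line.partition(":")
            last = name.strip().lower()   # names are case-insensitive
            attrs[last] = value.lstrip()
    return attrs

def audit(jar_bytes):
    """Return findings about the Permissions and Codebase attributes."""
    attrs, findings = main_attributes(jar_bytes), []
    perms = attrs.get("permissions")
    if perms is None:
        findings.append("Permissions missing: sandbox vs. privileged not declared")
    elif perms not in ("sandbox", "all-permissions"):
        findings.append("Permissions has unexpected value: " + perms)
    codebase = attrs.get("codebase")
    if codebase is None:
        findings.append("Codebase missing: JAR is not tied to any server")
    elif "*" in codebase.split():
        findings.append("Codebase is '*': JAR may be served from any host")
    return findings

# Constructed sample manifests (not taken from any real application).
LOCKED = ("Manifest-Version: 1.0\r\nPermissions: sandbox\r\n"
          "Codebase: https://apps.exam\r\n ple.com\r\n\r\n")
LOOSE = "Manifest-Version: 1.0\r\nPermissions: all-permissions\r\nCodebase: *\r\n\r\n"

if __name__ == "__main__":
    print(audit(build_jar(LOCKED)), audit(build_jar(LOOSE)))
```

Only the main section of the manifest is read; per-entry sections and signature verification are out of scope here.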