With Java facing all types of security concerns, Oracle has fallen dangerously behind the times with the policies and practices it utilizes on its Java platform, according to a Kaspersky Lab researcher.
Oracle has not kept pace with the security advances made by other companies in recent years, said Roel Schouwenberg, a senior antivirus researcher with the Kaspersky Lab global research and analysis team.
“You can see that Microsoft has gone to sandboxing for Office, Adobe has gone that way, Google has gone that way with Chrome,” Schouwenberg said.
“When you look at what Oracle has done, the sad reality is nothing. And I have to ask why we are letting Oracle get away with this?”
According to figures from Kaspersky, Java remains a top target for malware writers and cyber criminals. Along with Adobe Reader and Flash, Java vulnerabilities are the most popular for online exploits which lead to malware infections.
Adobe has extended the security protections on Reader and Flash. Oracle, however, just installed basic security measures, Schouwenberg said.
“Two years ago I would have been slamming Adobe for its security,” the researcher said. “Adobe still makes its mistakes, but with Oracle we don’t see anything that they are doing to change something.”
Oracle did not respond to a request for comment on the matter.
While the researcher singled out Oracle for its practices, the software giant is far from the only vendor Schouwenberg sees ignoring security issues.
He said Google’s loose oversight of its Play market has left Android devices vulnerable to malware, while Apple continues to ignore major security risks on the OS X platform in the wake of the Flashback malware outbreak.