[Freedombox-discuss] Java vulnerabilities

Petter Reinholdtsen pere at hungry.com
Wed Jun 17 05:52:53 UTC 2015


[Sandy Harris]
> A rather scary article:
> http://www.itworld.com/article/2936575/security/software-applications-have-on-average-24-vulnerabilities-inherited-from-buggy-components.html

I find the article mostly stupid, I must admit.  It keeps repeating that
the problem is caused by the use of open source components, while in
reality the situation is worse when using proprietary components, at
least based on my experience in both free and proprietary software
development.  Using old software components is a risk, and in the free
software world it is easier to get access to the new components.

> Does the current Fbox implementation use Java? Should we eliminate it
> as a matter of necessary security policy? If not, how can we deal with
> these issues?

As far as I know, nothing in the current Freedombox uses Java.  But that
is really beside the point.

> Are other things we use also high-risk? Javascript? Perl? Python? ...?

If you claim using high level programming languages like Javascript,
Perl and Python is an especially high risk, I believe you have
misunderstood something.  If you do not claim this, I fail to understand
what you mean.  The free software implementations of Perl and Python are
of very high quality compared to proprietary software according to
yearly reports from Coverity.  Javascript has several implementations,
so it is not possible to make a sensible general statement about its
quality.

-- 
Happy hacking
Petter Reinholdtsen


