How to provision users in a cloud world
When subscribing to multiple SaaS offerings serving many users, it gets complicated quickly. Here's how to address the problem now and in the future.
Phil Rhodes, September 2013

Oracle: We're getting Java security under control
Most problems date back more than a decade and resulted from old versions of Java being run, a company official insists.
Paul Krill, September 2013

Apache Struts security update disables vulnerable feature
Developers are advised that the newly released Struts 2.3.15.2 fixes a security issue by disabling dynamic method invocation by default, which could mean refactoring for future installations.
Lucian Constantin, September 2013

Enterprises still running old Java and Flash software, Websense finds
Four out of 10 enterprises are still using obsolete Jave 6 SE, leaving them open to a range of serious security risks, according to a recent Websense survey.
John E. Dunn, September 2013

Google to NSA: You'll have to take our data the hard way
The cloud industry, led by Google, is turning its focus away from blocking criminal hackers to blocking systematic government snooping.
David Linthicum, September 2013

Salesforce.com mobile app developers gain security tools
Salesforce.com's Mobile SDK is now compatible with Good's containerization technology.
Mikael Ricknäs, August 2013

Java security will be in the spotlight at JavaOne
Oracle isn't shying away from Java's well-publicized security issues at the upcoming conference, with sessions focusing on Java malware, web container security, and recent JRE security enhancements.
Paul Krill, August 2013

10gen CEO: NoSQL has come far, but still needs better security, management
NoSQL databases are known for being able to handle high volume data that doesn't fit the relational model, but the NoSQL ecosystem is not yet mature enough for many mainstream applications, said the MongoDB CEO.
Paul Krill, August 2013

How to defend your Web apps against the new BREACH attack
Security experts offer tips for defeating a new exploit that lets attackers snag sensitive Web application data even if it's protected by SSL.
Ted Samson, August 2013

Researcher builds botnet-powered distributed file storage system using JavaScript
HiveMind, built by Sean T. Malone, uses JavaScript to store data on a network of computer nodes, with or without an admin's permission.
Lucian Constantin, August 2013

Most enterprise networks riddled with vulnerable Java installations, report says
Security firm Bit9 reports that Java 6 is the most prevalent Java installation on enterprise systems, while Java 7 installs remain minimal despite security updates.
Lucian Constantin, July 2013

Proof-of-concept exploit available for Android vulnerability
Bluebox Security releases technical details of a vulnerability in Android's digital signature verification, which could help attackers turn legitimate apps into Trojan programs.
Lucian Constantin, July 2013

Survey: Control and security of corporate open source projects proves difficult
A recent survey by Sonatype found widespread use of open source -- with 80 percent of a typical Java application assembled from open-source components -- but a lack of corporate standards governing usage.
Ellen Messmer, April 2013

Researchers find serious flaw in latest JRE for desktops, servers
Security Explorations researchers say that a new sandbox bypass vulnerability in the Java 7 Reflection API puts JRE desktop and server versions at risk.
Lucian Constantin, April 2013

Java 8 release delayed until next year
The GA version of Java SE 8 needs more work to improve the Java security model and has been pushed into the first quarter of 2014. A developer release is still promised in September, however.
Paul Krill, April 2013

Find more >

Newsletter sign-up
View all newsletters

Enterprise Java Newsletter
Stay up to date on the latest tutorials and Java community news posted on JavaWorld