On Tue, Mar 5, 2013 at 6:08 PM, Rainer Duffner rainer@ultra-secure.de wrote:
The question is rather: are there days without new "emergency patches" for Java?
Yeah, right, like there are no 0day patches periodically for a multitude of software, including Apache, PHP, and the like. And what are Microsoft´s "Patch Tuesday" Windows updates for, after all?.
Adobe Rolls out emergency patch for Flash plug-in http://www.itworldcanada.com/news/adobe-rolls-out-emergency-flash-patch/1468...
Critical PHP vulnerability exposes web sites to data theft http://www.infoworld.com/t/application-security/critical-php-vulnerability-e...
Top ten PHP security vulnerabilities (Oct 2012) http://phpmaster.com/top-10-php-security-vulnerabilities/
PHP patches actively exploited CGI vulnerability http://www.pcworld.com/article/255289/php_patches_actively_exploited_cgi_vul...
Security is a process. There is no "permanently secure" software. Not even OpenBSD with its "memory randomization".
http://pages.citebite.com/h9a3a5k5umdw
FC