On Tue, Mar 5, 2013 at 6:08 PM, Rainer Duffner <rainer at ultra-secure.de> wrote: > The question is rather: are there days without new "emergency patches" for Java? Yeah, right, like there are no 0day patches periodically for a multitude of software, including Apache, PHP, and the like. And what are Microsoft´s "Patch Tuesday" Windows updates for, after all?. Adobe Rolls out emergency patch for Flash plug-in http://www.itworldcanada.com/news/adobe-rolls-out-emergency-flash-patch/146804 Critical PHP vulnerability exposes web sites to data theft http://www.infoworld.com/t/application-security/critical-php-vulnerability-exposes-servers-data-theft-or-worse-192428 Top ten PHP security vulnerabilities (Oct 2012) http://phpmaster.com/top-10-php-security-vulnerabilities/ PHP patches actively exploited CGI vulnerability http://www.pcworld.com/article/255289/php_patches_actively_exploited_cgi_vulnerability.html Security is a process. There is no "permanently secure" software. Not even OpenBSD with its "memory randomization". http://pages.citebite.com/h9a3a5k5umdw FC -- During times of Universal Deceit, telling the truth becomes a revolutionary act Durante épocas de Engaño Universal, decir la verdad se convierte en un Acto Revolucionario - George Orwell