Security Disclosure Debate Reignites

Online security consultancy Spi Dynamics has sparked a new debate over the responsible handling of vulnerability warnings with the release of an alert for multiple security holes in the Sun ONE Application Server 7.0. The Atlanta-based Spi Dynamics issued the warning without the availability of a patch or workaround from Sun Microsystems. A spokesperson for Sun confirmed the existence of the security holes and said one of the bugs has already been fixed in Update 1 of Application Server 7.0. “We’re aware of the security issues and have fixes underway. The other three bugs will be fixed in Update 2, expected to be available in August,” the spokesperson told internetnews.com. However, a JSP source code disclosure vulnerability which carries a “High” severity rating is still unpatched. According to Spi Dynamics CEO Brian Cohen, the decision to release the information was made after several unsuccessful attempts to reach Sun’s security unit.

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.