Java faces major security questions

As a result of several notable developments, the long-term prospects for Java are not quite clear at the moment. While the likelihood of any large-scale or total phase-out of the programming language is low – at least in the immediate future – Java's creator, Oracle, and its many users are in something of a holding pattern. Enterprises that are on the threshold of major legacy application modernization or digital transformation projects would do well to ensure they fully understand Java's current position vis-a-vis that of other coding languages.

Oracle's controversial security email

In November 2018, Oracle publicly stated that it would cease offering security updates for Java 8 SE in January of the following year for business users, while personal customers would receive security patches until December 2020 at the earliest. Because it was already reasonably well known – and confirmed again in Oracle's statement – that a new major update was coming April 16, this didn't earn much attention at first. But not long after, some Java users began receiving emails saying that the critical security patch would only be available for those with active commercial licenses.


According to the infosec blog BleepingComputer, HackerOne, a cybersecurity firm that connects white-hat hackers to enterprises in need of protection, got such an email from Oracle. Alex Rice, the company's co-founder and chief technology officer, said the email detailed how skipping the update would leave Java users exposed to critical vulnerabilities. Since Rice states that he doesn't use Java at all for his business or personal computing needs, he found the message alarming, as if it were a strong-arm tactic to intimidate individuals into purchasing a license.

Implications for the future

BleepingComputer writer Lawrence Abrams noted that at the time of his post – late in the afternoon on March 29, 2019 – Oracle hadn't yet commented on the matter. Whether the computing giant will do so is unclear. It is possible that the tone of the email might have been misinterpreted, or that it's a phishing scam with a very clever disguise (including the name of an Oracle account manager and that individual's personal information, which was redacted from Abrams' blog post).

Regardless of how this particular incident plays out, Java isn't going anywhere. As TechRepublic noted, new iterations of the programming language come out almost like clockwork every six months or so, and developers continue to come up with new applications for Java that aim to work around its limitations, such as its trouble with concurrency, formatting issues and the overall question of adaptability. The bottom-line effectiveness of such projects remains to be seen.

Here at the Inventu Corporation, we equip organizations of all sizes with a revolutionary terminal emulation tool called the Flynet Viewer. This solution allows developers to craft reliable and safe software using clean HTML and JavaScript hosted on secure Windows servers. All in all, the Flynet Viewer supports streamlined IT modernization and meets employer and staff expectations in a way that feels both familiar and simple. Contact us today or review our extensive product catalog to see how Inventu can optimize your infrastructure and also help you rid your servers of unsafe Java.