Oracle’s Settlement With FTC Over Java Could Start Bigger Conversation About Vulnerability Disclosure

December 24, 2015

Via: CRN

Oracle has settled complaints with the Federal Trade Commission over security issues with its Java Platform, a move security experts said should herald more full-disclosure initiatives from software companies about vulnerabilities and patching.

The FTC complaint said Oracle deceived customers about how secure its Java Platform, Standard Edition software (Java SE) was: its updates moved customers to the newest versions while leaving some older, vulnerability-filled versions of the software on their systems. The FTC said Oracle specifically did not uninstall versions before Java SE version 6 update 10.

The FTC complaint said Oracle was aware of these “significant security issues,” but deceived customers by promising that updates ensured the system would be “safe and secure.” The FTC said it found a large number of hacking incidents that exploited vulnerabilities in the older Java SE software, including incidents in which attackers were able to access consumer user names, passwords and other sensitive information.
