This discussion is really interesting. Just keep it civil, folks. Remember we’re disagreeing to learn from one another.
FWIW, based on my interactions with Standard Bank over the years in covering security news for MyBroadband, they’re the ones who’s security practices concern me the most.
Maybe things are better now, but using Java/Java EE 6 is super dodgy.
I genuinely get concerned about security practices. You can get away with truly dodgy things that on the surface appears totally secure.
I looked and its difficult to draw any conclusions from a list of 600 CVEs.
However, I clicked on the “CVE Scores greater than 9” filter and there are lots in there affecting Java SE 6, 7, and 8.
They are all old. Is there a way to see which have been patched?
Apologies it is java 8 not 6, even though the website says upgrade to the latest version, once you do the launcher wont open and their business online tech support recommended we revert to version 8 as its the LTS release they’re supporting
You have to start digging deeper past this point. Oracle tends to be relatively good at patching their software once issues have been identified, but it does leave you exposed.
Banks (and I cannot comment on banks outside of SA) move so slowly when it comes to supporting new operating systems, frameworks, platforms, etc.
well thats not good
Looks like it wasn’t reported very well. They’re saying it is a 16 month old vulnerability in a 3rd party library that is long since fixed.
