wiredmikey writes "Oracle released its quarterly Critical Patch Update (CPU) for April, which addressed a whopping 128 security issues across multiple product families. As part of its update, Oracle released a Java SE Critical Patch Update to plug 42 security holes in Java, 19 with base CVE score of 10 (the highest you can go) and 39 related to the Java Web Start plugin which can be remotely exploited without authentication. According to security analyst Wade Williamson, organizations need to realize that Java will continue to pose a significant risk. 'The first step is for an organization to understand precisely where and why Java is needed,' Williamson wrote. 'Based on the rate of newly discovered vulnerabilities, security teams should assume that Java is and will continue to be vulnerable.' Organizations should to take a long, hard look at Java and answer for themselves if it's worth it, Williamson added. Due to the threat posed by a successful attack, Oracle is strongly recommending that organizations apply the security fixes as soon as possible."
Catch up on stories from the past week (and beyond) at the Slashdot story archive
PCM2 writes "Kids these days just don't care about open source. That's the conclusion of the Software Freedom Law Center's Aaron Williamson, who analyzed some 1.7 million projects on GitHub and found that only about 15% of them had a clearly identifiable license in their top-level directories. And of the projects that did have licenses, the vast majority preferred permissive licenses such as the MIT, BSD, or Apache licenses, rather than the GPL. Has the younger generation given up on ideas like copyleft and Free Software? And if so, what can be done about it?" Not having an identifiable license is one thing, but it seems quite a stretch to say that choosing a permissive open source license is "not caring"; horses for courses.
An anonymous reader writes "Contrary to widespread thought, Google Glass will not be an advertising platform: 'Google Inc has lately told app developers that they are not allowed to present ads to Google Glass users and they are also not permitted to sell users' personal and private information for the fulfillment of advertising needs. The internet company has explicitly and openly said that the Glass platform should and must be clean and clear of any ads whatsoever, because the technology is designed to facilitate internet browsing and other related activities, therefore, the featured podium cannot be used to advertise products as it will cause the user experience to diminish.' Seems like Google is going for hardware-only revenue on this one." You're not supposed to resell the Glass hardware, either.