The Federal Trade Commission announced that it has won concessions in a settlement with software maker Oracle over the company’s failure to uninstall older, insecure Java SE software from customer PCs upon upgrade.
This, said the FTC, despite Oracle’s explicit promise to its users that updates would render their machines “safe and secure.”
By abandoning these legacy builds, Oracle essentially left backdoors open on the computers of its customers — backdoors well-known to potential attackers due to their widespread publicity among security researchers.
As part of the settlement, Oracle will be responsible both for notifying its users of the terms it agreed to and the risks posed by its uninstalled software, and for providing the tools necessary to perform complete removals.
Action like this highlights the need for industry watchdogs, as insecure legacy software is a prime example of what economists call externalities: negative consequences of economic behavior that the free market provides no incentive to correct or account for.