Sun fixes critical Java bugs

Sun Microsystems patched 11 vulnerabilities in the Windows, Linux and Solaris versions of its Java Runtime Environment and Java Web Start, including several rated critical by outside researchers, says PC World.

The fixes to Java Runtime Environment (JRE) 1.3.1, 1.4.2, 5.0 and 6.0 plugs holes that attackers could use to bypass security restrictions, manipulate data, disclose sensitive information or compromise an unpatched machine.

Among the JRE bugs, Sun said in several security advisories, are two that allow attack code from malicious sites to make network connections on machines other than the victimised computer.

Pune has announced that the annual IndicThreads.com International Conference on Java Technology 2007 will be held in India on 26 October this year, reports Daily India.

The two-day conference is an attempt to facilitate the transformation of Indian IT.

"Software companies today realise that with India fast losing the low cost advantage, it is critical they invest into research and learning and move up the technology value chain as quickly as possible," says Sangeeta Oak, director of research and projects at Rightrix Solutions.

Until now, the definition of what actually constitutes bad code has not been an exact science with a proper formula or analytics, says Internet News.

However, thanks to the efforts of Alberto Savoia, founder and CTO of Agitar Software, there is now a statistical measure to monitor Java code. Called crap4j, CRAP is an acronym for 'change risk analyser and predictor`.

Savoia said that code complexity and a lack of testing lead to code that is difficult to maintain and enhance. Actually determining how inefficiently complex a piece of code might be, on the other hand, is what the CRAP score is all about.