Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Flaws in Oracle file processing SDKs affect major third-party products

Lucian Constantin | July 22, 2016
Eighteen flaws in Oracle's Outside In Technology also impact enterprise software products from other vendors

"However, the unfortunate reality is that vulnerabilities that are found in an SDK that is utilized by third-parties will take additional time to patch: First the organization that maintains the SDK issues a fix, and some amount of time later, third-parties that utilize the SDK provide an update to their customers including these fixes," the Cisco researchers said. "This provides a rather large window of time in which miscreants can exploit vulnerabilities in third-party products."

At a time when over 80 percent of any new software application consists of third-party code, tracking vulnerabilities in outside libraries is very important. Unfortunately, studies show that many software developers not only fail at this task, but don't even have a clear picture of which third-party components they used in which of their applications.

 

Previous Page  1  2 

Sign up for Computerworld eNewsletters.