On January 12, 2013, The Department of Homeland Security recommended that organizations stop using Java and uninstall Java throughout our organizations. The problem is, many organizations use Java as a regular, if not critical, part of their IT infrastructure. Sadly, it is the #1 language used in application development, with over 28% of all programs currently running within organizations. So Java is everywhere throughout our infrastructures and we are simply recommending to uninstall it? Sure, over the past few weeks there have been more than a few new 0-days for Java, but, as info sec pros we need to come up with better recommendations than simply uninstalling an app that is required for so many.
Every time we say things like "Don't use IE!! Uninstall Adobe Acrobat!! Uninstall Java!!" we get a little further down the path of total irrelevance to management and the rest of the IT community. So, to combat this, we are going to be doing the first in a monthly series of webcasts.
In this webcast we will be covering a number of ways to secure Java in your environment. From different web filtering tricks to some pretty cool GPO kung-fu from Carlos. Rather than simply saying uninstall Java we are going to do our best to provide you with mitigating controls to manage risk, rather than pretend it can be eliminated.
This webcast will be this Tuesday the 29th at 2 PM EST. Check it out here.
See you then.