In TheServerSide's ongoing coverage of developing secure Java software, I spoke recently with Tim Mackey, the IT evangelist for Black Duck Software. The conversation was interesting enough to pull ...

Malicious computer code that leverages a newly-patched security flaw in Oracle’s Java software is set to be deployed later this week to cybercriminal operations powered by the BlackHole exploit ...

A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers.

As we wrote on Tuesday, at least one of two major security vulnerabilities in Java—which is installed on an estimated 850 million PCs worldwide—was not all fixed by Oracle’s subsequent ...

Already the hacker's tool of choice, BlackHole exploitation rates have soared from a success rate of one in 10 to just one in four, due to the inclusion of a recent Java zero day.

Another previously unpublicized flaw in Java threatens the security of millions of PCs that may still have the application running on it.

When building secure Java applications, it's important to make sure there are no plain text passwords anywhere in the code base.