The Federal Trade Commission announced that it has won concessions in a settlement with software maker Oracle over the company’s failure to uninstall older, insecure Java SE software from customer PCs upon upgrade.
This, said the FTC, despite Oracle’s explicit promise to its users that updates would render their machines “safe and secure.”
By abandoning these legacy builds, Oracle essentially left backdoors open on the computers of its customers — backdoors well-known to potential attackers due to their widespread publicity among security researchers.
As part of the settlement, Oracle will be responsible for notifying its users of the terms it agreed to and the risks posed by its uninstalled software, as well as for providing the tools necessary to perform complete removals.
Action like this highlights the need for industry watchdogs, as insecure legacy software is a prime example of what economists call externalities: negative consequences of economic behavior that the free market provides no incentive to correct or account for.