Java and the Future of Forms

Another week, another Java-related Security Alert. Oracle is calling this one CVE-2016-0636, and it comes with a CVSS risk score of 9.3, which means bad. Just visiting a malicious web site can give an attacker control of your machine.

Since Oracle Forms depends on Java, this means that all your client machines need this patch. If you are running an unsupported version of Oracle Forms, you have an unpleasant choice:

  1. Either you dare to let your clients run auto update, risking that one morning your Forms application is dead
  2. Or you don’t apply security patches automatically (or at all), leaving you open to attack

Fortunately, there is an easy solution: Upgrade.

I’m talking more about the future of Forms in this week’s Oracle Tool Watch newsletter.