What am I risking if I don't update my SDK/JDK and bundled runtime/JRE every time there's a security update?
Posted
by
rob
on Programmers
See other posts from Programmers
or by rob
Published on 2013-10-18T17:10:01Z
Indexed on
2013/10/18
22:16 UTC
Read the original article
Hit count: 203
It seems like there's a new major security hole patched in Java every other week, and I would assume the same goes for other development platforms. After years of frustration trying to get customers to install and configure a compatible JRE on their systems, we started bundling one with our software. (By bundling, I mean we extract a copy of the JRE in our installation directory--we don't install the JRE and configure it as the system default.)
The problem is, it's a hassle having to keep that JRE up-to-date because first we have to retest everything to make sure the update didn't break anything (it has broken some of our third-party dependencies in the past).
How seriously, if at all, are we putting our customers at risk if we don't update our SDK/JDK and the runtime/JRE that we bundle with our product every time there's a security update? Is it reasonable to just update on a periodic schedule--say, once every 6 months or so?
© Programmers or respective owner