Grant Johnson

Corretto and Java vulnerability detections

Discussion created by Grant Johnson on Oct 15, 2019
Latest reply on Oct 16, 2019 by DMFezzaReed

We have an AWS-based back-end, mostly running NIX operating systems. We recently migrated over 1K JAVA instances to Corretto and were pleasantly surprised to see thousands of JAVA vulnerabilities disappear - almost overnight. It was so rapid, it raised some suspicions as to whether our scans had broken.


Upon closer inspection, the underlying NIX hosts are still being scanned, and are fully authenticated. I could only find 2 QIDs with "Corretto" in the title. I don't see any detections related to JAVA on these new hosts.


Are we really rid of JAVA related exploits by moving to Corretto? I went out and bought a new unicorn to carry me as I begin delivering the good news to management but figured I needed a second opinion first. Am I missing something?