Non-Oracle organizations shipping binary products based on OpenJDK code bases—such as IBM, Red Hat, and SAP—mostly handle security vulnerabilities on their own, with occasional help through private communication with Oracle. Most private communication …

Read full article here..

  • https://www.computerworld.com.au/article/626499/openjdk-may-tackle-java-security-gaps-secretive-group/?fp=16&fpid=1