From: mrm@doppio (Marianne Mueller)
Message-Id: <199612240014.QAA03067@puffin.eng.sun.com>
Subject: Re: JAVA security
To: hires.2@osu.edu (Will Hires)
Date: Mon, 23 Dec 1996 16:14:34 -0800 (PST)
In-Reply-To: <32BCB4FD.72DB@osu.edu> from "Will Hires" at Dec 21, 96 11:11:41 pm

This is a vexing problem -- I believe Java is a safer and more robust
language *and* platform than anything else out there, but due to the
publicity this year, people's perceptions are exactly the opposite.

The reality is that the bugs that got so much press were fixed
quickly and the fixes were propagated to licensees who incorporated
the fixes into their products. As far as I know, no one apart from
the Princeton team ever found the bugs they found (which were fixed)
although many people did try to reproduce their effort. I'm not saying
the situation is perfect, but the situation is in much better shape
than the net rumor mill would suggest.

We wrote a short (7 page) high-level whitepaper that we hoped would
be good to show to people who have exactly that question. You can
get a copy from http://java.sun.com/security/whitepaper.ps.
That whitepaper puts security concerns in perspective and also describes
generally how the Java security model works.

For more info, see the other documentation at http://java.sun.com/security

I think long term, the best thing for Java security will be people's
continued positive experiences being able to use Java to build
safe internet applications.

Marianne

>
> Exactly what can I say to someone who insists the JAVA language is
> inherently a security problem? Thanks.
>