Secure Coding mailing list archives

Re: Java: the next platform-independent target


From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 21 Oct 2010 13:28:53 -0400 (EDT)


On Thu, 21 Oct 2010, James Manico wrote:

> A lot of smart people disagree with me here - but the history of Java
> sandbox problems, data theft through reflection, the weak security policy
> mechanism, etc, backs up my recommendation.

Given the history of security problems in the PHP interpreter itself, and the occasional issues in Perl, and don't forget some of the tidbits in ASP.Net, maybe all those should be tossed out as well, and we should all move back to C. ;-)

Compilers/interpreters are software, too, and so are going to be subject to vulnerabilities.

(Not that I'm disagreeing with strategies that reduce attack surface, such as disabling client-side functionality.)

- Steve
_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

