Oracle adopts Trustworthy Computing practices for Java
Okay, I had to troll a bit with that title.
From a piece in SC Magazine:
Oracle formally has announced improvements in Java that are expected to harden a software line with a checkered security past.
Java has been part of Oracle’s Software Assurance processes since it was acquired, but they aren’t as robust as Microsoft’s Trustworthy Computing principles. Not that Oracle is following Microsoft (DO NOT TAUNT HAPPY FUN ORACLE) but there are two specific principles they are moving toward:
- Secure by design. Instead of code testing and bug fixing, they announced they are moving into stronger sandboxing and fundamental security.
- Secure by default. Altering existing settings in the product for a more secure initial state.
If they keep on this path and build a stronger sandbox, Java in the browser might make a return just in time for HTML5 to kill it. But hey, at least then it won’t be because of security.