[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: DNS-related problem, and, motherhood 'n apple pie, etc
I hope people evaluate Java (and all software) based on technical issues,
and not based on whether or not you think I'm clueless, brain damanged or
a liar.
We take the DNS-related problem very seriously; we do understand how DNS
works (I did say "apologies for the oversimplifiation"); we never have put
our heads in the sand. I do think it's a bit unfair to the Java team to
say we put our heads in the sand, since we are deliberately trying to be
as open and honest and forthcoming as we can. I mean, we are publishing
full source code, which I'm not sure is the case for lots of software that
people place a lot of trust in, implicitly or explicitly.
As I've said every time I've said anything, every time security awareness
on the net is raised, I think it's good for the net. I personally don't
regard the internet as secure, and any information I care about I have
encrypted on disk. Any information I really, really care about I don't
even have on the internet. I do regular backups. I'm not saying this is
what everyone has to do. But it's not that hard or time-consuming, and it
wouldn't hurt. But people who are in charge of corporate security for
their company, or people who have very sensitive or very valuable
information on their disks, should consider the many ways that the internt
is insecure, not just how some applet could be exploited.
Having said that, does that imply that I think it's OK for a Java
application to have security holes? Of course not! I hope we can use
Java-the-language to build more secure systems than we've gotten used to
surviving in the past. Does that mean I'm downplaying the importance or
seriousness of any applet-related hole? Of course not! I think it's
possible simultaneously to understand the seriousness of a security hole,
AND still to say it's a good idea for people to practice safe internet.
Marianne Mueller
I work for Sun, on the Java team.
[email protected]
[email protected]
http://java.sun.com/people/mrm/