[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WSJ on Big Java Flaw



We are doing several things: 

1) continuing a "scrubbing" of the code, to look for holes so we
can fix them

2) listening (really) to all comments about the applet security model
and mechanisms - some people fault the model, others fault
the mechanisms, and I'm interested in all critical feedback and
find it helpful

3) continuing to be committed to source code releases to continue vetting
by internet community

4) working with others in the networking security community to 
design ways to expand the functionality allowed to applets in a secure way

5) working on mechanisms to support signed classes, so that people
will be able to authenticate downloaded code.  Granted
just because code is authenticated, that doesn't necessarily 
mean it's trusted

As technical info on those things is written down, we'll put it
on our web site for review and criticism - 

Marianne
JavaSoft, Sun Microsystems
[email protected]
[email protected]