Infoworld - Java's recent security woes are not scaring off developers, who don't see Java as any more vulnerable than any other platform. "There's nothing fundamentally wrong with Java," says Gonzalo Diethelm, in charge of architecture and development at the Chilean central security depository, DCV.
He is not planning to abandon Java in response to security concerns. Such suggestions are "just creating bluster," concurs Shaun Woodrow, director at the Corporate Action Company business software firm. Other developers at the JavaOne technical conference in San Francisco this week also remain confident in Java, which has had several security problems discovered lately, including the Flashback Trojan that affected more than 600,000 Macs and a weakness found in the platform's sandbox security mechanism.
[ Also at JavaOne, Oracle officials pitched upcoming Java upgrades, even as these have had important features postponed. | Think you know Java? Test your programming smarts in InfoWorld's Java IQ test. | Subscribe to InfoWorld's Enterprise Java newsletter for more Java news. ]
Not all security issues applicableSome developers noted that Java applet security has been a particular problem but these issues weren't applicable at many user sites. For example, the recent sandbox security problem was an applet issue, but most Java deployments are server side these days, says Richard Warburton, a Java developer with jClarity, an application performance monitoring startup. "[The sandbox issue] isn't actually something that affects most people." A lot of corporate environments already have disabled applet capabilities in the browser, he says.
Par Siko, a developer at the Jayway consulting firm, adds, "Java is really big on the server side, and I don't think security's a big issue on the server side."
At Barclays Bank, security testing is done to make sure systems are safe. "We have constant penetration testing and security testing. We bring in third-party companies to perform that for us," says Gareth Nolan, a technical architect at Barclays.
A developer at Sandia National Laboratories pointed out his systems are isolated from intruders anyway. "I'm not terribly familiar with [Java's recent] security issues, but I tend to develop for ether stand-alone or things that reside on small, unconnected local area networks," says technical staff member Benjamin Lawry.
Vigilance still advisedAlthough developers are not sweating over the security problems (Siko, for example, says his company will increase its use of Java), they nonetheless see the need for users and Oracle to be vigilant." Security is going to be an issue no matter what," says Woodrow. "People are going to have to focus and tighten up a little more anyway. [But] I wouldn't say [security] was an issue specifically for Java."
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
