* Ben Laurie: > So, it seems to me that when you say its easier to write secure code in > Java than C what you really mean is that its easier to write code free > of buffer overflows in Java than C. > > I can't think of _any_ other interesting security properties that Java > has and C lacks. Am I missing something?
Memory management bugs soemtimes result in security bugs as well. But with respect to JVM security, I don't think such trivialities are important. Writing a robust verifier/optimizer/native code generator combination is difficult in any programming language (especially if your design is somewhat flawed from a security POV 8-).
