On Sep 30, 2008, at 7:57 AM, Elliotte Harold wrote:
Maciej Stachowiak wrote:
More generally, I am on Apple's internal incoming security bug
list, and I see Java applet security bugs all the time, so I think
whatever the strength of the model may be, it does not lead to Java
applets being secure in practice.
Are those bugs in the model or in the VM? Stack overflow issues,
buggy code, and such are of a different character than fundamental
design flaws. Simple bugs can be fixed much more easily.
Many of the bugs I see are about what applet has access to what
network or local resources, i.e. failures of the access control model.
I do not have direct knowledge of how easy these are to fix compared
to other Java applet bugs.
- Maciej
