- From: Maciej Stachowiak <mjs@apple.com>
- Date: Tue, 30 Sep 2008 15:57:21 -0700
On Sep 30, 2008, at 7:57 AM, Elliotte Harold wrote: > Maciej Stachowiak wrote: > >> More generally, I am on Apple's internal incoming security bug >> list, and I see Java applet security bugs all the time, so I think >> whatever the strength of the model may be, it does not lead to Java >> applets being secure in practice. > > Are those bugs in the model or in the VM? Stack overflow issues, > buggy code, and such are of a different character than fundamental > design flaws. Simple bugs can be fixed much more easily. Many of the bugs I see are about what applet has access to what network or local resources, i.e. failures of the access control model. I do not have direct knowledge of how easy these are to fix compared to other Java applet bugs. - Maciej
Received on Tuesday, 30 September 2008 15:57:21 UTC