Java developers remain bullish despite security problems

Though the platform has had issues lately, developers don't see them as deal breakers in Java deployments

Java's recent security woes are not scaring off developers, who don't see Java as any more vulnerable than any other platform. "There's nothing fundamentally wrong with Java," says Gonzalo Diethelm, in charge of architecture and development at the Chilean central security depository, DCV.

He is not planning to abandon Java in response to security concerns. Such suggestions are "just creating bluster," concurs Shaun Woodrow, director at the Corporate Action Company business software firm. Other developers at the JavaOne technical conference in San Francisco this week also remain confident in Java, which has had several security problems discovered lately, including the Flashback Trojan that affected more than 600,000 Macs and a weakness found in the platform's sandbox security mechanism.

[ Also at JavaOne, Oracle officials pitched upcoming Java upgrades, even as these have had important features postponed. | Think you know Java? Test your programming smarts in InfoWorld's Java IQ test. | Subscribe to InfoWorld's Enterprise Java newsletter for more Java news. ]

Not all security issues applicableSome developers noted that Java applet security has been a particular problem but these issues weren't applicable at many user sites. For example, the recent sandbox security problem was an applet issue, but most Java deployments are server side these days, says Richard Warburton, a Java developer with jClarity, an application performance monitoring startup. "[The sandbox issue] isn't actually something that affects most people." A lot of corporate environments already have disabled applet capabilities in the browser, he says.

Par Siko, a developer at the Jayway consulting firm, adds, "Java is really big on the server side, and I don't think security's a big issue on the server side."

At Barclays Bank, security testing is done to make sure systems are safe. "We have constant penetration testing and security testing. We bring in third-party companies to perform that for us," says Gareth Nolan, a technical architect at Barclays.

A developer at Sandia National Laboratories pointed out his systems are isolated from intruders anyway. "I'm not terribly familiar with [Java's recent] security issues, but I tend to develop for ether stand-alone or things that reside on small, unconnected local area networks," says technical staff member Benjamin Lawry.

Vigilance still advisedAlthough developers are not sweating over the security problems (Siko, for example, says his company will increase its use of Java), they nonetheless see the need for users and Oracle to be vigilant." Security is going to be an issue no matter what," says Woodrow. "People are going to have to focus and tighten up a little more anyway. [But] I wouldn't say [security] was an issue specifically for Java."

Siko stresses the importance of bug and security fixes, noting, "Fixing the security issues quickly, that's important, and I'm not sure if [Oracle] has done such a good job there."

The issue of Java security came up during an Oracle press conference at JavaOne on Wednesday, with Oracle officials emphasizing security as a priority. "In general, we've been investing in Java all over the board and security is one of those areas," says Georges Saab, vice president of development for Java Platform, Standard Edition (Java SE) at Oracle.

This article, "Java developers remain bullish despite security problems," was originally published at Follow the latest developments in business technology news and get a digest of the key stories each day in the InfoWorld Daily newsletter. For the latest developments in business technology news, follow on Twitter.

Read more about application development in InfoWorld's Application Development Channel.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Paul Krill

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place