Don Box: Huge Security Holes in Solaris, JVM

DaHat writes "Don Box, one of the authors of the original SOAP specification in 1998, now an architect on Microsoft's next generation Indigo platform recently responded to James Gosling's remarks regarding huge security holes within the .NET Common Language Runtime (CLR). Don argues that the same 'flaws' that Gosling noted in the .NET CLR exist both within the Solaris operating system as well as the JVM, both of which support execution of C and C++ code, as well as explaining why this is not necessarily a bad thing."

On Defense

[fembots]

First instance of Microsoft mehing FUD?

Next up, Notepad will be the target since it allows any malicious code to be written on it.

Flaws aren't a bad thing?

[MattyDK23]

I can see it now..."Bugs deserve rights too!"

Standards

[davidstrauss]

Is this the new Microsoft Box model?

Re:Flaws aren't a bad thing?

[Rosco P. Coltrane]

I can see it now..."Bugs deserve rights too!"

Well, ask the original bug [faqs.org] at NSWC if it enjoys being taped to a cardboard note since 1947...

This proves Python, Perl, and other FOSS==secure

[Anonymous Coward]

Since Java and .NET are both so insecure; by subtraction, F/OSS is the most secure stuff around!

here we go again....

[kevinx]

is this one of those, "your hole is bigger than mine" arguments?

Re:Reminds me of this link

[Anonymous Coward]

Wooo, someone is stupid enough to use Exeem!

This just in!

[kiwidefunkt]

This just in: Programming languages are insecure. They allow third parties to run arbitrary code on your processor.

Microsoft will be releasing a patch which fixes this problem soon. Stay tuned.

But that's where you're wrong-- Inline.pm!

[Anonymous Coward]

But Perl and Python have the same security flaw we are discussing with regards to .NET and Java-- both allow linking against unsafe compiled code!

So the only really safe language to be using, in truth, is HQ9+ [biffle.org]. Rather than leaving the opportunity for error as Perl, Python, Java and .NET do, HQ9+ utilizes an innovative language design which ensures by the very syntax of the language that security violations are not possible. Consider using HQ9+ for your next enterprise application development project.

Re:It's that darn C and C++ code again..

[SnarfQuest]

Intercal! It's very hard to write viruses using it.

(It's very hard to write anything else in it either)

Hmm..

[vurg]

So when will this become a serial exchange of yo momma jokes?

Whiny

[5n3ak3rp1mp]

I can't help feeling that some small percentage of this type of back-and-forth is something like a junior-high whiny geek arguing about how the Micro Channel bus architecture is better than ISA and that , incidentally, Apples are utterly irrelevant. ...Oh, wait. That geek was at one time a friend of mine, and this was circa 1985, and this was an actual discussion. ;) (hi, don ulrich! i still use a Mac, and Apple still exists! where's your precious PS/2 micro-channel NOW?!?! nyaaah, nyaaah!!)

Comment removed

[account_deleted]

Comment removed based on user account deletion