We are doing several things: 1) continuing a "scrubbing" of the code, to look for holes so we can fix them 2) listening (really) to all comments about the applet security model and mechanisms - some people fault the model, others fault the mechanisms, and I'm interested in all critical feedback and find it helpful 3) continuing to be committed to source code releases to continue vetting by internet community 4) working with others in the networking security community to design ways to expand the functionality allowed to applets in a secure way 5) working on mechanisms to support signed classes, so that people will be able to authenticate downloaded code. Granted just because code is authenticated, that doesn't necessarily mean it's trusted As technical info on those things is written down, we'll put it on our web site for review and criticism - Marianne JavaSoft, Sun Microsystems mrm@eng.sun.com mrm@netcom.com