
At 8:34 PM 5/2/96 -0400, Perry E. Metzger wrote:
> At one of my clients, there is a software testing lab where all software that is placed on the trading floor is rigorously tested for months before it is put out on the users' desktops -- it is, indeed, tested in conjunction with all other products the user would be using. No software is deployed before rigorous testing occurs. By the time the thing is put out, it is known to a high degree of certainty that it will not cause damage.
My clients have a similar testing setup for new communications software. It is one way they are able to offer a reliable service to their clients.
> I would very much prefer a language whose security did not require such analysis. Java, sadly, does require such an analysis because it requires perfect implementation for its security model to work. In a restricted execution environment that was designed with defense in depth in mind, such an analysis would be a bonus, but not strictly required.
All secure systems require perfect implementation of the security kernel. Java has a very large security kernel, since its kernel includes the kernel in the underlying operating system. As such, it is probably not suited for high security environments.* However, it may well be secure enough for individuals to run on their private machines.

* If a Java-equipped browser is run in an operating system provided secure environment, this restriction may not apply. Such an operating system would have to provide Orange Book A or B level features (mandatory security).

------------------------------------------------------------------------
Bill Frantz       | The CDA means   | Periwinkle -- Computer Consulting
(408)356-8506     | lost jobs and   | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers  | Los Gatos, CA 95032, USA