Scott Brickner writes:
Unfortunately, this last statement isn't really true. To quote from the "Java Security" paper from some Princeton researchers:
The Java language has neither a formal semantics nor a formal description of its type system. We do not know what a Java program means, in any formal sense, so we cannot reason formally about Java and the security properties of the Java libraries written in Java. Java lacks a formal description of its type system, yet the security of Java relies on the soundness of its type system.
I will point out that complete formal semantics exist for other, perfectly practical to use languages, like Scheme.
We conclude that the Java system in its current form cannot easily be made secure. Significant redesign of the language, the bytecode format, and the runtime system appear to be necessary steps toward building a higher-assurance system. . . . Execution of remotely-loaded code is a relatively new phenomenon, and more work is required to make it safe.
I do think that the ideas embodied in Java are very important, and will significantly shape the future of computing, but Java itself may be just a stepping stone on the way.
I go further. Java, as envisioned, cannot be made secure. It is too powerful a language. Furthermore, it is unnecessary for the tasks that it is used for, which are basically adding fancy wacky graphics and simple applications and such to web pages.
Perry