John Young wrote:

...

Wall Street Journal, March 26, 1996, p. B4. Researchers Find Big Security Flaw In Java Language By Don Clark

A team of Princeton University researchers said they discovered the most serious security flaw yet in the widely used Java programming language from Sun Microsystems Inc.

he said.[..]

The generalized halting problem comes to mind...

Since it can be proved that there's no complete set of heuristics to tell if a given program has a characteristic (such as "secureness") then sooner or later someone will discover another security flaw.

A question is whether a simple patch is made or if the set of heuristics is widened (ie, learn from mistakes) so that similar flaws can be found based on knowledge of that one flaw.

Well, actually, the halting problem doesn't really apply here. Imagine you've got a two tape Turing machine. Then go into the control function and block out all calls that either write or read tape 2. I contend it is trivial to prove that no program that runs on tape 1 will ever read or write tape 2. It is quite possible to prove that certain mathematical feats can't be done. You can use algebra to prove that there is no way to trisect an angle with just a compass and a straight-edge. Godel's theorem and its corollary work on Turing machines, only shows that you can't come up with a general mathematical procedure for proving or disproving all statements all of the time. I think it is quite possible for Sun to build a secure version of Java. It might take many iterations and they might make some subtle mistakes, but time should allow them to plug these holes. They're simply trying to make sure that all of their various doo-dads and extras don't write tape 2. Their abstract model is much more complex than a Turing machine, but it is much simpler than C code or the UNIX OS. -Peter