Thus spake Scott Barman:
> > brightest raw of sunshine I've seen for a while is Sun's success
> > positioning Java as a bitchin' cool thing and that SECURITY is
> > part of the bitchin' coolness of it. The fact that they accomplished
> > a market sell on that fact is good news; it means that people are
> > learning to ask for systems that are more than spit and glue and
> > duct tape.
> Sure... Sun did that AFTER its potential security problems were beaten
> up here and on other mailing lists and newsgroups. Yes, I know they put
> out their white paper on their security position. But Sun did not start
> to advertise it with its security "feature" until AFTER the onslaught
> from the union. Again, they were reactive rather than proactive.
As long as I've been involved with Java (since March, I guess),
security has been a big part of the package. When Netscape got a hold
of it, the focus shifted, but they're Netscape... that's the way they
Your paragraph confuses me... the security of Java was well publicized
_long_ before it got taken to task on the lists and groups. The flaws
that were found by the Princeton folks were fixed in a later release,
obviously, but the _design_ aspect was always there. And it's really
nice to see a vendor designing for security rather than just
implementing for it, isn't it?
> To my knowledge only DEC and IBM have proactive groups (among Unix
> vendors) solely concerned with security. Yes, I know DEC was first
> (SEAL), but IBM has always been proactive with computing security (on
> their mainframes) and now has extended that to their Unix offerings.
I thought Sun had a similar group... (And their "Trusted Solaris"
product has to mean _something_.)
#> Mike Shaver (shaver @
com) Ingenia Communications Corporation <#
#> Ignore the man behind the curtain. <#
#> "And then I realized that it never should have worked in the first <#
#> place. Thus, it would not work again until rewritten." --- Anon. <#