---

EarthWeb: Thoughts on Java and Open Source Security

“Java has been historically lucky in the open source field. Sun
has been committed to community and industry participation since
Java’s inception, and by opening up source code Sun has helped to
foster innovation and customizing — including security. This has
cultivated a large collection of extensions and other multiple open
source Java projects. However, critics of open source have strong
opinions about the security of the software. Their arguments
usually fall under one of two categories: Developer trust and
secrecy.”

“Simply put, the critics do not trust the developers. The
concern is whether the open source code is developed with any
regard to tracking, accountability, or control. There are no
guarantees that any of the programmers are experts in their field,
and critics wonder who exactly has had a chance to look at the
source code, and whether anyone has actually invested any time or
effort. They wonder what will happen when bugs and holes are found
in the product, and whether there will be any accountability. They
worry about the lack of documentation and official support. They
may even suspect developers of being hackers planting software with
exploitable holes.”

“The rebuttal is that open source may instead contribute to
developer quality. How efficient can code review be within a closed
circle? And how efficient is a review if there is only a small team
of developers?”

