Though Java's security is better than most that of most other Internet programming tools, the potential scope of Java's deployment requires us to hold it to a high standard.

We believe that Java's security needs to be improved in several ways. Some of the improvements would fix small, localized bugs, while others require significant changes in the structure of the Java system.

For a detailed analysis of Java security, see our publications on the topic.