When the Java programming language was first developed by Sun in 1991 there were five primary goals in its creation. It was planned to be:
- simple, object-oriented and familiar;
- robust and secure;
- architecture-neutral and portable;
- executable with high performance;
- interpreted, threaded and dynamic.
The flexibility it allows application developers under the write once, run anywhere idea is achieved through applications being typically compiled to bytecode (class file) rather than to machine code, which is platform specific. The programmes run on Java virtual machines, which are themselves written specifically for whatever hardware they are hosted on.
End-users need to use a Java Runtime Environment (JRE) installed on their own machine for Java applications, or in a web browser for Java applets.
The Oracle Corporation is the current owner of the official implementation of the Java SE platform, which is based on the original implementation after they acquired Sun Microsystems in 2010. It is available for Mac OS X, Windows and Solaris. The Oracle implementation is the de facto standard.
The goal of Java is to make all implementations of Java compatible, but with popularity also comes attention to security needs. Some development best practices that contribute toward security in Java are:
- Java RIA Security Checklist
- Java Security Resource Center
- Java SE Security on the Oracle Technology Network (OTN)
- Secure Coding Guidelines for the Java Programming Language
- Java Applet and Web Start Code Signing
This BCS State of Play report looks at what the analysts have to say on Java and points members to library resources on security, its use in the enterprise and developer information.
Sources and further reading
https://en.wikipedia.org/wiki/Java_(programming_language)
https://www.java.com/en/security/developer-info.jsp
http://www.darkreading.com/application-security/database-security/the-death-of-java-in-the-enterprise/d/d-id/1138981