But that’s just conjecture. You’d have to point out specific issues to refuse it, and these are not things you’re currently aware of. If you check a few security vulnerability tracking websites (e.g. http://www.eeye.com/resources/security-center/research/zero-day-tracker, http://securitytracker.com/, CERT Vulnerability Notes Database) you can see that the majority of vulnerabilities are in C/C++ software, with relatively few being in Java. And these are past problems that are now fixed; who knows what security problems are currently present in any piece of software? I suppose you could argue that you’ll refuse a piece of software if its track record for vulnerabilities is below a certain level, but what happens when a piece of software that everyone uses goes below that threshold? You just kick it out?
If you google for vulnerabilities in Java, sure, you’ll find that it has had them, lots of them even. But the same is true of any number of other commonly used pieces of software you might care to google for vulnerabilities in - Apache, MySQL, Flash, Nvidia drivers, Opera, Mozilla, Skype, VMware, PHP and JavaScript, just to name some off the top of my head.
[quote=waddlesplash]
And yes, VM’d software can be better/faster than non-VM’d software. Which is the case in JavaScript, which is what (along with NodeJS) is going to kill Java.[/quote]
Maybe JavaScript is better, who knows? And maybe it will become more popular. They are already both very popular languages. I don’t use either so I don’t really have an opinion. But a lot of developers use Java, and a lot of industry and academia have a big investment in improving it (think of Android for one thing) - I think it will take quite some killing to make people stop using it.
[quote=waddlesplash]
Java’s security holes are entirely Sun/Oracle’s fault. If the same guys that wrote V8 were to rewrite Java, it’d be a lot better.[/quote]
Uhm, those guys did write an implementation of Java. That would be Google, who developed both V8 and the Dalvik Java VM. There are loads of Java VMs out there besides the Sun/Oracle implementation (see List of Java virtual machines - Wikipedia).
I guess the point of all this is that you can’t fault the language itself for the security of a single VM implementation, particularly when there are so many alternative VMs around. The language itself is not insecure, and is actually inherently way more secure than C/C++ and a host of other languages.
Anyway, we’re way off topic here. If you want to continue the discussion you can find me on IRC.