I don't think Java proves your point. The major impacting bugs in Java itself te... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

MichaelGG on March 17, 2015 | parent | context | favorite | on: Would Rust have prevented Heartbleed? Another look

I don't think Java proves your point. The major impacting bugs in Java itself tend to surround the idea of running arbitrary code with a complicated sandbox. The embedded CLR-in-the-browser also suffered many (in fact, out of all the severe MS CVEs that aren't memory related, most were sandbox escapes). So that's probably more of an indication not to build complicated sandboxes that rely on fine-grained classloading permissions systems.

The other Java bugs are ones that'd plague any language: SQL injection, rules-engines-gone-wild, etc.

mike_hearn on March 17, 2015 [–]

> So that's probably more of an indication not to build complicated sandboxes that rely on fine-grained classloading permissions systems

Web sandboxes are full of holes too. That's why modern browsers have sandboxes within sandboxes. I don't think an HTML5 sandbox is less complicated than the JVM sandbox.

Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact