Since Java appears to be an emerging standard for embedding programs into
Web pages, we are actively studying Java's security.
Though Java's security is better than most that of most other Internet
programming tools, the potential scope of Java's deployment requires us to
hold it to a high standard.
We believe that Java's security needs to be improved in several ways. Some
of the improvements would fix small, localized bugs, while others require
significant changes in the structure of the Java system.
For a detailed analysis of Java security, see our
on the topic.