Group analyses Java risks

Many analysts consider Web application vulnerabilities to be among the biggest security threats facing companies these days. A lot of attention has been paid to understanding risks such as input-validation flaws, cross-site scripting errors and other Java Web application security threats, says Computer World.

Receiving somewhat less attention, however, has been the question of what application software developers need to know to reduce the likelihood of such vulnerabilities in the software they write.

A group of security managers from over a dozen organisations, including Booz Allen Hamilton, Deloitte & Touche, and Boeing and Ounce Labs, hope to address that shortcoming. They`re set to publish a document listing what they consider to be the essential skills needed for secure Web application development.

Google could be heading for a showdown with Sun over the way Android, Google`s new mobile phone software platform, handles Java, states PC World.

Instead of using the standards-based Java Micro Edition (JME) as an engine to run Java applications, Google wrote its own virtual machine for Android, calling it Dalvik. There are technical advantages and disadvantages to using Dalvik, developers say, but technology may not have been the driver for Google.

Google most likely built Dalvik as a way to get around licensing issues with Sun that would have come with using JME, said Stefano Mazzocchi, a developer and board member at Apache Labs.

The Eclipse Foundation has won a seat on a Java Community Process (JCP) executive committee, states Network World.

Launched in 1998, the JCP oversees various amendments made to the Java platform, which are the subject of Java Specification Requests.

The JCP program management office announced results of 2007 JCP executive committee elections. Eclipse was newly elected to the Java SE/EE (Standard Edition/Enterprise Edition executive committee.