Java security will be in the spotlight at JavaOne

JavaOne sessions to address Java's security issues following a year of bad press

If Oracle's JavaOne show plans are any indication, the company is very serious about educating developers on how to make their Java applications secure.

Sessions planned for next month's annual Java technical conference include "Dissecting Java Malware," "The State of Java Web Container Security," and "One Year of Security Enhancements in the JRE (Java Runtime Environment)." One session description, for a talk entitled, "Java Security: Bringing Trust to Your Java Application," flat out acknowledges the bad press Java has been receiving lately. "Recently there has been a lot of press about Java vulnerabilities and security -- giving Java a bad rap," the description reads. "The reality is that the Java platform and language were built with security in mind." This session is to be conducted by a VeriSign employee.

Java's security maladies have included zero-day vulnerabilities, such as arbitrary, unsecure class loading in Java SE (Standard Edition). Some experts advised uninstalling Java plug-ins in browsers to boost security. Java's travails even prompted a bulletin from the US Department of Homeland Security earlier this year. JavaOne actually features a session entitled "Anatomy of a Java Zero-Day Exploit," to be conducted by an engineer from Carnegie-Mellon.

Oracle, for its part, has been quick to issue security patches for Java and has advised users to upgrade to the latest Java versions. Oracle, which inherited the stewardship of Java when the company acquired Sun Microsystems early in 2010, will continue Java security damage control at JavaOne. The conference is being held in San Francisco from Sept. 22-26, concurrent with the Oracle OpenWorld conference.

Besides security, other JavaOne highlights scheduled include a focus on developing Java applications for the Microsoft Windows Azure cloud, with a Microsoft official conducting a session on it. Coding for desktop and mobile via HTML5 and Java EE 7 also will be covered, as will JavaScript on the JVM (Java Virtual Machine) via the Nashorn project, and developing with Java for Apple iOS and Google Android via Oracle ADF (Application Development Framework).

Attendees also will have the opportunity to meet Oracle's Java language team and look into the "JVM Crystal ball," as one session description puts it. NoSQL database technology will be examined at the conference, along with other JVM languages, such as Groovy and Scala. Red Hat and Oracle officials will conduct a session on interoperability in Java EE 7.

This story, "Java security will be in the spotlight at JavaOne," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow on Twitter.

Copyright © 2013 IDG Communications, Inc.

InfoWorld Technology of the Year Awards 2023. Now open for entries!