Java Creator: Huge Security Hole in .Net

SYDNEY, Australia – James Gosling, developer of the Java programming language, said this week that Microsoft’s .NET development platform suffers from “a security hole big enough to drive many, many large trucks through.”

Speaking to developers at a programming event, Gosling commented that, “The Microsoft folks made a big deal of being able to support C and C++ on the [common language runtime], and that, to my mind, is one of the stupidest, most offensive things they could have done.”

The problem, said Gosling, is that several features of C and C++ are not consistent with or bounded by tight memory model integrity.

“C++ allowed you to do arbitrary casting, arbitrary adding of images [and] pointers, and converting them back and forth between pointers in a very, very unstructured way,” said Gosling, who currently serves as chief technology officer of Sun’s developer products group.

Gosling went on to compare .NET’s security model to that of Java, saying, “A lot of things in [Java’s] exception handling, they depend really critically on the fact that there is some integrity to the properties of objects. So if somebody gives you an object and says, This is an image,’ then it is an image. It’s not like a pointer to a stream, where it just casts an image.”

Also on hand at the event was Microsoft developer Charles Sterling, who defended his company’s product by pointing out that .NET requires additional permission to execute C and C++, so developers have the freedom to decide for themselves whether to use older, unsafe code in their applications.

Sterling added that of more than one thousand developers using .NET frameworks, he knows of only one who is implementing C and C++ in his applications.

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

Choice Talent Management Launches Fan Platform 'ChoiceFilmz'

Choice Talent Management CEO Chris Crisco has launched a new fan platform called ChoiceFilmz.

Dredd to Launch Official Site

Dredd has announced his new website OfficialDreddXXX.com, launching April 20.

New Pleasure Product Review Site 'ToyChats' Launches

ToyChats.com, a pleasure product review and discussion site, has officially launched.

AEBN Reveals Jade Venus as Top Trans Star for Q1 of 2025

AEBN has named its top trans stars for the first quarter of 2025, with Jade Venus landing atop the leaderboard.

SexLikeReal Debuts 'AI Passthrough' Feature

SexLikeReal has introduced an AI Passthrough for video editing during VR livestreaming.

Cherry Kiss, Jordan Starr Top AEBN for Q1 of 2025

AEBN has announced its top-selling stars for the first quarter of 2025, with Cherry Kiss landing atop the leaderboard for straight theaters and Jordan Starr heading up the gay rankings.

Sportsheets Joins FSC as Gold Member

Sportsheets has joined Free Speech Coalition (FSC) as a Gold-level member.

Age Verification Watch: Two End Runs, Two Failed Bills

Industry stakeholders and free speech advocates have anxiously been awaiting the Supreme Court’s decision in Free Speech Coalition v. Paxton, which could significantly impact state age verification laws around the country. In the meantime, state legislatures continue to weigh and pass AV bills, AV tech providers continue to tout their services, and legal challenges continue to play out in the courts — with some cases on hold pending the SCOTUS ruling in Paxton.

FSC Helps Defeat Colorado AV Bill

Free Speech Coalition (FSC) has announced that, with its help, Colorado's recently introduced age verification bill has been defeated.

New AI Companion Platform 'Fantasy.AI' Launches

Fantasy.AI, a new AI companion platform, has officially launched.

Show More