Hacker News new | past | comments | ask | show | jobs | submit login

None of them started out with web security in mind.

Look at the Java bytecode, and you'll see it features such things as a goto with an arbitrary offset: https://en.m.wikipedia.org/wiki/List_of_Java_bytecode_instru...

They had to build a verifier that attempts to ensure the bytecode isn't doing anything bad. That proved to be fairly difficult, and comes at a considerable cost.




But it's not as if security concerns are specific to the Web. Look at the vulnerabilities found in CPUs over the last decade or so. Security is necessary no matter what the delivery medium, so I don't see why this is a rationale for reinventing the wheel.


They genuinely spent years trying to make Java more secure for the web. That was entirely new effort.


And?


Perhaps reread your comment and mine, and you'll see there is a relationship between statements.


They both mention security. That's about it as far as I can tell.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: