Last week, while in Australia and downplaying the importance of last year's watershed agreement between Sun and Microsoft, Sun developer products CTO and father of Java James Gosling proclaimed that "We're still trying to work out what that agreement means. In some levels, it's actually meaning less and less." Then, on the heels of that, Gosling announced that Microsoft's implementation of C and C++ in .Net has security holes that are "large enough to drive many, many large trucks through."
Now, apparently not one to take a sucker punch from its bedfellow laying down, Microsoft is responding in kind. Microsoft software architect Don Box has issued a response to Gosling's assertions in his blog (Don Box's Spoutlet) under the heading "Huge Security Hole in Solaris and JVM." In his missive on how the Java Native Interface (JNI) offers programmers similar opportunities (to those discussed by Gosling) to create insecure code, Box appears to dismiss some of Gosling's comments as FUD before offering his own reality check. Wrote Box, "Ignoring the hyperbole (which is sad but a reality of the commercial software business), there was one annoying bit of misinformation about unsafe vs. unmanaged."
Meanwhile, in other Don Box-related news, the World Wide Web consortium has issued three Web services recommendations ("recommendation" is basically W3C-speak for "ratified standard"). According to a story in eWeek, the three specs are known as XOP (XML-binary Optimized Packaging), MTOM (Message Transformation Optimization Mechanism), and RRSHB (Resource Representation SOAP Header Block). But, whereas BEA senior principal technologist Mark Nottingham appeared to endorse all three specifications, Microsoft's Box appeared to only endorse one: MTOM. eWeek quoted Box as saying "Microsoft is committed to MTOM as the definitive solution for including opaque data in XML and SOAP messages, and we plan to implement support for MTOM across our XML-aware product line," but made no mention of a similar endorsement for XOP and RRSHB. I checked with Microsoft and, according to a spokesperson for the Redmond-based company, Box's comments were not meant to exclude XOP and RRSHB. According to the spokesperson, Microsoft sees all of the newly ratified specifications as a part of the MTOM family and the company is definitely supporting all three.
Credit where credit is due: A posting on Slashdot.org turned me on to the news of Don Box's response. Media Transparency Note: My media transparency channel has a note regarding Microsoft and its standard operating procedure regarding the anonymous attribution of certain statements to "spokesperson."