Open source Java will still be secure

Father of Java James Gosling assures the programming language will remain secure even after it becomes fully open source.
Written by Lee Min Keong, Contributor on
KUALA LUMPUR--Java co-inventor James Gosling squashes what he says is a misconception that open source is less secure than proprietary software, pledging that Java will remain secure even after it is fully open source.

James Gosling, Java co-founder

In a tête-à-tête with ZDNet Asia at the recent Sun Tech Days developer conference in Kuala Lumpur, Gosling clears the air about Java and explains why the programming platform is now more user-friendly. To date, there are over 5 million Java developers and more than 2.5 billion Java-based devices worldwide.

Q: In your keynote address at Tech Days, you said you don't know where Java is heading and that it's a good thing not to know. Can you elaborate?
Gosling: Sun Microsystems tries to be a community leader in the sense of making proposals and building things with our technology, but Java is driven heavily by what the community of developers does with it.

Did you envisage Java to become so pervasive, and be used in applications as diverse as the Mars Exploration Rover and giant telescopes?
No, when we originally designed it we came up with a lot of storyboards on how we thought Java was going to evolve. When we look at these storyboards now, they often matched what people are doing currently.

But in my mind then, that was more an exercise in science fiction! I never expected that Java would be used so pervasively in so many industries. For example, the vast majority of all financial transactions in the world go through some piece of Java software. If you had told me that some 10 years ago, I would have thought it was crazy.

Also in your keynote, you said that though Java will be fully open source, there will be no compromise on security. Can you explain?
Some people tend to believe, incorrectly, that open source software is inherently less secure and somehow unsafe. Yet, if you look at where security problems actually are, they are predominantly in proprietary and non-open source software.

One of the things people don't understand about open source is that all the source codes for a piece of Java software is out there for anyone to look at. And over the 12 years that the Java source code has been out there on the network, millions of people have scrutinized it.

We can do a lot of testing but that's nothing like having a bunch of smart people 'stare' at it. There have been people doing academic research on it, and there have been major military organizations doing audits on the source codes. They want to know whether the security story works. Banks in the early days were doing the same thing.

In the past, one barrier to Java adoption was that it wasn't deemed to be user-friendly. How has this been rectified?
Historically, we tend to concentrate on developing very large scale and sophisticated systems with Java. But one of the consequences is that, often, it ends up being more complicated than people need for simple situations.

We have been doing two things to address this. First, we have been working a lot to simplify programmer interfaces. Second, we have put in an immense amount of effort into developing tools to make it really easy to write, deploy, test and manage enterprise applications. The latest version of our Netbeans development tool has been very well received. Developers have been overwhelmingly positive about it.

How does this position Java with regards to competitors that claim their platforms are more user-friendly?
With Microsoft .Net and Visual Studio, we will always have issues with them because they are Microsoft. Java tools are certainly now as user-friendly as Visual Studio. We do a much better job of developing a wider diversity of applications and we are just way ahead when it come to building large-scale enterprise applications. That's where Java completely dominates.

Can you discuss a couple of key new developments or that Sun is working on right now on Java?
One area is in next-generation cellular phone technology. New phones are becoming more and more like desktops. The software environment on these cell phones is migrating toward being as capable as the desktop. So we are doing a lot of work around low-level software architecture for cell phones.

We are also doing a lot of work on the way Java is used in enterprises and the way data centers are managed.

If there wasn't Java, what do you think you would be doing right now?
I'll probably be hanging out with my family on the beach. My family members are farmers from Canada and in middle of winter, they would all go to Mexico!

Where would you have channeled your creative energy, in the absence of Java?
I'll probably be a developer of some sort, probably in graphics or something similar.

Lee Min Keong is a freelance IT writer based in Malaysia.

Editorial standards