> On 19 Jun 2023, at 12:48, Peter Firmstone <peter.firmst...@zeus.net.au> wrote:
> 
> For most Java developers, and JVM users, it means that all Java bytecodes 
> need to be audited and trusted, 

That has always been the case for *server* applications because SecurityManager 
has never protected against some of the most common attacks against servers. 
Secure servers employ OS-level defences, and that’s the approach the vast 
majority of secure Java servers — and secure servers in any other language — 
already take.

However, note that with "integrity by default" 
(https://openjdk.org/jeps/8305968) Java is now making it easier than ever 
before to establish invariants locally and trust them globally regardless of 
what any other code does. This is precisely to allow more robust reasoning 
about important program properties, whether they’re used for correctness, 
security, or performance. It also establishes a more robust and convenient 
separation of responsibilities among the different layers — hardware, OS, JVM — 
over which invariants they each maintain.

— Ron
