Java is considered more secure than other languages for several reasons:
The Java compiler catches more compile-time errors; other languages (like C++) will compile programs that produce unpredictable results.
Java does not allocate direct pointers to memory. This makes it impossible to accidentally reference memory that belongs to other programs or the kernel.
My answer may differ
Java’s security model is focused on protecting users from programs downloaded from sources across a network. Java programs run in Java Runtime Environment. Java Programs can’t take any action outside those boundaries. For example, Programms are prohibited from many activities, including:
* Reading or writing to the local disk
* Making a network connection to any host, except the host from which the applet came
* Creating a new process
* Loading a new dynamic library and directly calling a native method
Can we all just finally admit that not only isn’t it secure, but you can drive a semi truck through its security holes?
Unfortunately, many of the kvm-over-ip stacks still use it. So you have these embedded web services things to talk to your java client, your horrifically insecure java client, to ship bytes out over the network to give you console.
Can we all start demanding an end to these? Lets get them on HTML5, and finally, and completely, remove Java from our machines? Sort of like flash? Make it go away? Please?