Well, that was quite a pile-on, wasn't it? Just along one thread about the Java™ programming language, we get a number of solid reporters and a couple of "gurus". The reporters explain the facts about the current vulnerability in one Java sub-system; the "gurus" mount an all-out attack on Java. I have three observations here:
Blaming a language for the things people express with it amounts to lunacy. Java is an efficient, powerful language; people do things with it. And given the nature of human beings, some people will do bad things. After Bernie Madoff went to jail, nobody suggested the government should take steps to discourage accounting or economics.
In a neighbourhood afflicted by a string of burglaries, the headlines do not read: Locks Fail in Leaside. Every story about an "exploit" should, at least in passing, lay the blame with people who take advantage of that security flaw to harm or extort other people. Journalists need to continually remind us, and themselves, that if we live in the network version of Hobbes's war of all against all, we do so because of choices specific people have made.
On the subject of war: our governments have evidently decided to take their conflicts into our living rooms, work places, children's schools, power plants and hospitals by making "cyber war". Those governments answer to us. I expect the people now hounding Oracle for "security flaws" to at least mention the truth: government preparations to make war on the net don't threaten us because of Java; they threaten us because war is a dangerous habit.
I have a simple plea: let us not lose sight of the many innovations of Java. Working with Java, I and many other programmers first encountered an integrated approach to coding and documentation through JavaDoc. Java offered the first and still some of the best facilities to integrate a flexible programming language and the W3C XML language. Above all, Java integrated the language and support routines, and in the process instituted and enforced coding standards. Languages such as C and C++ have no rules and standards for identifiers: Java does. Any reasonably skilled programmer who knows Java conventions can read a Java application source and have a pretty good chance of understanding it.
With C or C++ or some other language that does not provide a common naming scheme, a programmer must first learn the naming conventions in use, assuming the program has a common set of naming conventions. Java designers also eliminated header files, which separated declaration from implementation and left C and C++ sources fragmented. Java eliminated the distinction between pointers, references, and in-scope object declarations that complicates C++ code. Java offers the simple, rational structure of packages, classes and interfaces, and the rule that every public class should have its own source file, and that file should have the name of the class it contains. These simple, intuitive rules, coded into the structure of the Java language, did a huge amount to propagate consistently good program design practice. Given the advantages of Java for systems construction, it should surprise nobody that it powers so much of the web we take for granted.
Java gives the web Apache Tomcat, the GlassFish application server and many other important server-side systems, and its contribution to structuring good system design, much the way Algol and Pascal helped promote the structured programming approach taught by Edsger Dijkstra, has helped the growth of the practical computing systems that power the web.
On one level, I simply ask users and decision makers to ignore hysteria, step back, and weigh the advantages of Java against its security problems rationally. It makes sense for people to turn off Java applet interfaces that make computers vulnerable. It makes no sense to try to eliminate the language completely because of a problem in one of its systems. And it makes less than no sense to get rid of Java to prevent intrusions that might cost a few million dollars if the costs of getting rid of this language run into the billions. But whether the calls for the elimination of Java reflect merely frustration with the slow pace at which Oracle hardens the language against intrusions, or whether they reflect the desire of a few writers on security to force programmers and enterprises to do what they have failed to persuade us to do, it is simply unacceptable to ignore the contribution the designers of Java have made.