Sun Microsystems Inc. is inviting its software developer community totry to find vulnerabilities in a security technology that it plans tointegrate into its upcoming Java Platform Standard Edition 6 software,scheduled for release next summer.The company on Monday launched an initiative called “Crack theVerifier,” under which Java developers and Sun’s own engineers willjointly test Sun’s verifier technology, which is the core securityenforcement component of its Java SE software. The goal is to try andfind — and fix — any holes that might exist in the Java Verifierbefore Java SE 6 ships, said Rich Sands, community marketing managerfor Java SE at Sun.“With Java SE 6, we are replacing the old verifier technology, whichhas been in place for the last 10 years, with a new implementation thatruns much faster,” Sands said. “We are really hoping that the communitywill take a good look at this technology. As much as we are confidentthat we have a strong implementation, we do want the community to takeanother look.”According to Sun, the new Java verifier technology checks data-accessroutes to ensure application safety and to prevent untrusted code frominfiltrating before a Java application is run by the Java VirtualMachine. The newer implementation of the verifier technology is fasterand smaller than the old verifier, but is based on an entirely newverification approach. “The classfile verifier is the very heart of the whole Java sandboxmodel, so replacing both the implementation and the basic verificationmodel is a really big deal,” said Graham Hamilton, vice president and afellow in Sun’s Java platform team in a blog posted on Java.net. “Thenew verifier is faster and smaller than the classic verifier, but atthe same time, it doesn’t have the 10 years of reassuring shakedownhistory that we have with the classic verifier.”With Sun allowing developers to take a crack at the technology, itsJava community for the first time will have the opportunity tocontribute to the security of a core Java component in a major way,Sands said. Java developers can download the source code for the new verifier fromSun’s Project Mustang source download site and have until Jan 31 totest the software, Sands said.By Jaikumar Vijayan – Computerworld (US online) Related content news Chinese state actors behind espionage attacks on Southeast Asian government The distinct groups of activities formed three different clusters, each attributed to a specific APT group. By Shweta Sharma Sep 25, 2023 4 mins Advanced Persistent Threats Advanced Persistent Threats Cyberattacks feature How to pick the best endpoint detection and response solution EDR software has emerged as one of the preeminent tools in the CISO’s arsenal. Here’s what to look for and what to avoid when choosing EDR software. By Linda Rosencrance Sep 25, 2023 10 mins Intrusion Detection Software Security Monitoring Software Data and Information Security feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Data and Information Security IT Leadership brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe