This white paper discusses the applicability and desirability of Java as a programming language for use in secure systems. Java is much more secure than C and C++ because the byte-code verifier prohibits unsafe type coercions and address arithmetic, garbage collection prevents dangling pointers, run-time checks prohibit null pointer dereferencing and out-of-bound array subscripts, and the security manager restricts application behavior according to the credentials of an application provider.

Java completely eliminates many of the most common mechanisms exploited in common virus and Trojan Horse attacks. The ease with which existing Java software capabilities can be ported and repurposed makes Java an ideal language for creating customized secure functionality by assembling and integrating independently developed off-the shelf Java software capabilities.