As for "boiling down to calling setSecurityManager(null)" you are forgetting to point out how it was achieved via obscure calls to an instrumentation and management api:
"The plan for Java security is really simple," said Java security lead Milton Smith during a conference call this week with Java user group leaders. "It's to get Java fixed up, number one, and then number two, to communicate our efforts widely. We really can't have one without the other. No amount of talking or smoothing over is going to make anybody happy. We have to fix Java." - See more at: http://www.computerworld.com/s/article/9236230/Oracle_s_Java...
As for "boiling down to calling setSecurityManager(null)" you are forgetting to point out how it was achieved via obscure calls to an instrumentation and management api:
https://community.rapid7.com/community/metasploit/blog/2013/...
Their head of security spoke recently about this topic, so I guess they will have to "fire and sue" him: http://www.computerworld.com/s/article/9236230/Oracle_s_Java...
"The plan for Java security is really simple," said Java security lead Milton Smith during a conference call this week with Java user group leaders. "It's to get Java fixed up, number one, and then number two, to communicate our efforts widely. We really can't have one without the other. No amount of talking or smoothing over is going to make anybody happy. We have to fix Java." - See more at: http://www.computerworld.com/s/article/9236230/Oracle_s_Java...