This month Peter turns a jaundiced eye towards the sorry state of software development. Specifically, what are the flaws that cause the industry to turn out program after program with security holes? What are companies like Sun doing to correct the problem? What should they be doing? The answer: Peter’s own Software Development Security Design Methodology.
This paper explores the problem of protecting a site on the Internet against hostile external Java applets while allowing trusted internal applets to run. With careful implementation, a site can be made resistant to current Java security weaknesses as well as those yet to be discovered. In addition, we describe a new attack on certain sophisticated firewalls that is most effectively realized as a Java applet.