Featuring a new algorithm, the upgraded verifier is based on a project in the research community. It is accessible to developers via the Sun Java Research License.

"It's one thing to look at the source code and find bugs and fix bugs and create new implementations, but this is a different way for the community to get involved so they can look at the code and actually contribute to the overall security of the Java ecosystem by working on this problem," said Rich Sands, community marketing manager for Java SE marketing at Sun.

If anyone is able to crack the new verifier, that person will be brought onstage at the JavaOne conference in San Francisco next May. "If we're lucky, we won't have a winner," Hamilton said.

The security upgrade is subject to approval by the Java community at large via the Java Community Process. It is included as part of Java Specification Request 202, which entered a public comment phase on Friday, Oct. 28.