An initiative called "Crack the Verifier!" invites developers to participate in testing the technology, which is planned for inclusion in Java Platform, Standard Edition (SE) 6 next summer. Subsequently, it will be included in the enterprise edition of Java.
"We're updating the core security model and we're inviting the developer community to attack the new model," said Graham Hamilton, vice president and fellow in the Java platform team at Sun.
A new Java verifier, called a type-checking verifier, will replace the existing verifier utilized in the sandbox security model. The newer implementation is substantially faster, smaller, and offers a significant performance advantage, the company said. The current verifier has been in use for 10 years.
"We have a new technology that is substantially faster and smaller, but we don't have much experience with it," Hamilton said. "We're replacing the most security-critical code in the Java system."
The verifier checks data access routes to ensure application safety and prevent entrusted code from infiltrating before a Java application is run by a Java Virtual Machine, Sun said. "With Java, you can download an untrusted applet, run it in the browser, and still feel safe," because of the sandbox model, said Hamilton.