Will Dropping Serialization from Java Remove the Vulnerabilities?
During “Ask The Architect” at the Devoxx UK 2018 conference, Oracle’s chief architect, Mark Reinhold, called Java’s serialization mechanism a “horrible mistake” and a virtually endless source of security vulnerabilities. More importantly, Reinhold announced Oracle’s decision to improve Java’s security by changing the way Java handles object serialization. Nearly half ...