An author of the open source Mailman program explains why open source is not as secure as you might think -- using security holes in his own code as an example.
More articles by John Viega
Open source software projects can be more secure than closed source projects. However, the very things that can make open source programs secure -- the availability of the source code, and the fact that large numbers of users are available to look for and fix security holes -- can also lull people into a false sense of security.
The Java community is waiting anxiously for Sun's "Second Generation" VM -- due in a month or so. But here's where things stand right now with HotSpot.
Want to let your applet play outside the sandbox? We've looked at Sun and Netscape schemes for assuring security by signing applets, now we turn to Microsoft's Authenticode.
The "sandbox" security model is intended to keep strange applets from performing mischief, but it can also hobble good code. Signatures offer one way to exploit Java's full potential.