Oracle has announced that it plans to eliminate the serialization feature in Java that was introduced in 1997. Mark Reinhold, chief architect of the Java platform group at Oracle, said that serialization was a “horrible mistake,” and he estimated that one third to one half of Java security vulnerabilities since then have been related to serialization.
The company has a new initiative called Project Amber that will tackle the removal of serialization and will also cover other productivity-related features in Java.