The company launched the ''Crack the Verifier'' challenge Monday, making Java SE 6.0 binaries and source code available under its Java Research License (JRL) to any interested parties.
The challenge is designed to look for flaws in both the implementation and the specification itself. Work on the technology is currently under way in the Java Community Process (JCP), under Java Specification Request 202 (JSR-202), ''Class File Specification Update.''
Sun developers are looking for two things: whether there are any bugs in the new verifier and whether the whole thing is fundamentally flawed and needs to be scrapped.
Graham Hamilton, vice president and fellow on the Java platform team, said that while he's hoping for the former, the latter means a missed opportunity for the Java community but the ability to replace the new technology with the existing verifier in time to launch Java SE 6.0 next summer.
There are three ways developers can look for bugs to squash: They can look for a flaw in the type-checking verifier specification within JSR-202; they can look for an ambiguity in the wording of the specification that would lead to an unsafe implementation; or they can find a flaw in the implementation Sun has provided within the snapshot builds of Java SE 6.0, code-named Mustang.
Contest entries will be accepted until Jan. 31, 2006, and judged by a panel of Sun engineers who will determine if the submitted bugs compromise the Java security model.
Those who find a significant flaw in the specification will be brought on stage during the keynote speech at JavaOne next year. Discovered flaws in the implementation will receive acknowledgment on the Java.net Web site.
This article was first published on internetnews.com. To read the full article, click here.
Loading Comments...