In the Java world, security is not viewed as an add-on a feature. It is a pervasive way of thinking. Those who forget to think in a secure mindset end up in trouble. But just because the facilities are there doesn't mean that security is assured automatically. A set of standard practices has evolved over the years. The Secure Coding Standard for Java is a compendium of these practices. These are not theoretical research papers or product marketing blurbs. This is all serious, mission-critical, battle-tested, enterprise-scale stuff.

Java is C++ without the guns, clubs and knives.

During the integration meetings between Sun and Oracle, where we were being grilled about the patent situation between Sun and Google, we could see the Oracle lawyer's eyes sparkle.

People think of security as a noun, something you go buy. In reality, it's an abstract concept like happiness. Openness is unbelievably helpful to security.

I've surprised myself and made another career change. I had a great time at Google, met lots of interesting people, but I met some folks outside doing something completely outrageous, and after much anguish decided to leave Google.

If I were to pick a language to use today other than Java, it would be Scala

An API that isn't comprehensible isn't usable.