In the Java world, security is not viewed as an add-on a feature. It is a pervasive way of thinking. Those who forget to think in a secure mindset end up in trouble. But just because the facilities are there doesn't mean that security is assured automatically. A set of standard practices has evolved over the years. The Secure Coding Standard for Java is a compendium of these practices. These are not theoretical research papers or product marketing blurbs. This is all serious, mission-critical, battle-tested, enterprise-scale stuff.

I think it would be a tragic statement of the universe if Java was the last language that swept through.

People think of security as a noun, something you go buy. In reality, it's an abstract concept like happiness. Openness is unbelievably helpful to security.

An API that isn't comprehensible isn't usable.

If I were to pick a language to use today other than Java, it would be Scala

During the integration meetings between Sun and Oracle, where we were being grilled about the patent situation between Sun and Google, we could see the Oracle lawyer's eyes sparkle.

I've surprised myself and made another career change. I had a great time at Google, met lots of interesting people, but I met some folks outside doing something completely outrageous, and after much anguish decided to leave Google.