To:        Stephen Leibowitz
From:    Bjarne Stroustrup
Subject: Re: FAQ
Date:     January 21, 1999

In haste: I basically think that the language level of a general-purpose language is the wrong level to tackle security. IMO, the Java model is too complex and is growing more complex still. Last I heard of it, the Sun JVM was 100,000+ lines of C and the JVM shipped with Netscape was the most leaky part of the browser (memory leaks, that is). I don’t consider this promising as a base for security. Basically, I think we need an OS+hardware support for security / access control / privacy before accepting code from unknown sources into machines containing precious information.

Also, remember that memory is not the only resource that can leak.