One of Java’s unique features is the ability to safely run untrusted code such as applets. How is the security architecture designed? What are the pros and cons of using it? This session presents an overview of Java’s security architecture, focusing on its strengths and weaknesses. It also reviews how the architecture was built and how it was recently exploited. It examines the design by comparing Java’s security architecture with other privilege systems such as UNIX file permissions. The presentation correlates design and coding principles with guidelines from the CERT Oracle Secure Coding Standard for Java and Java Coding Guidelines. Finally, the session focuses on what lessons can be learned from the security architecture.