BY JAMES COOKE, EDITOR AT LARGE
techwatch
Test your Java brew
THE JAVA PROGRAMMING LANGUAGE WAS A BREAKTHROUGH
in the early days of the Internet. What made it so revolutionary at the
time was that Java allowed an online application to run on computers with different operating systems (Macs, PCs, etc.). Sun
Microsystems released Java in 1995. Today, Java is overseen by Oracle,
which acquired Sun in 2010.
Not only has Java proved critical for software development, but the
programming language is also widely used in logistics-related applications. Indeed, many supply chain software vendors write their
applications in Java. (C Sharp is the other language commonly found
in supply chain software.)
That’s why when the U.S. Department of Homeland Security issued
a warning in January about Java, it was the source
of some concern. The federal government advised
computer users to disable Java on their Web
browsers because hackers could install malicious
software on computers running Windows, Mac OS,
or Linux. Although the warning was issued to the
public, it raised an important question for the supply chain community: Are logistics managers who
are using Java-coded supply chain software leaving
their operations vulnerable to cyberattack?
According to executives at supply chain software
companies using Java, the government’s warning is
more applicable to consumers than business users.
That’s because supply chain software programs run
Java on the servers that host the application. Vishal
Minocha, senior global product manager for sup-
ply chain solutions at Infor, notes that his company’s Java “runs on
the server, which does not cause any security vulnerability.” Adds
Prakash Muthukrishnan, senior director of product strategy at supply
chain software developer Manhattan Associates: “The identified Java
vulnerabilities [cited in] the government warning are applicable only
to applets [that] run inside a browser and not applicable to Java run-
ning on servers, stand-alone Java desktop applications, or embedded
Java applications.”
Java applets are generally used to provide interactive features for a
Web browser, such as stock tickers or scrolling text. (Hence the gov-
ernment’s advice that browser users disable the Java plugin.) “The
Java security risks recently in the news are specific to Java code down-
loaded and run on the client side browser using Java plugins or
applets,” says Robert Nilsson, vice president and general manager of
software and supply chain intelligence at Dematic Corp. “Applets are
not widely used for enterprise applications.” He
adds that Dematic does not use Java applets in its
suite of applications, thus reducing any potential
security threat.
