FifthGraalAdventures
From APIDesign
Fifth year has passed since I joined OracleLabs and it is time to look back and summarize.
Designing for Security
This item has already appeared in last year's report, but it is important to remind it again in the light of new consequences. In summer 2019 Oracle ethical hacker team decided to attack GraalVM. They succeeded and managed to escape the Truffle framework scripting sandbox. However they were testing an older GraalVM release candidate and meanwhile I was working on secure scripting API which made it into the first customer release of GraalVM. It turned out that the attack vector was fully eliminated by my secure fixes!
Being a good architect is an InvisibleJob, but when you predict future problems, address them and then a hacking attack proves you were right, then you deserves to be called an architect!