Link: Oracle plans to end Java serialization, but that’s not the end of the story

‘Oracle’s chief architect, Mark Reinhold, shared his thoughts about Java’s serialization mechanism, which he called a “horrible mistake” and a virtually endless source of security vulnerabilities. This is evident in that nearly half of the vulnerabilities patched in the JDK in the last 2 years are related to serialization. Serialization security issues have also plagued almost every software vendor, including Apache, Oracle, Pivotal, Cisco, McAfee, HP, Adobe, VMware, Samsung, and others.’
Original source: Oracle plans to end Java serialization, but that’s not the end of the story