Industry survey results on the use of Java SecurityManager

Sean Mullan, Oracle Security Lead for Java, shares some insightful results about the use of Java SecurityManager across industry in his recent blog post, SecurityManager Survey Results.

The Java SecurityManager is a library used to secure cloud, desktop, or mobile software applications. As an example, a popular use of the SecurityManager is to secure calls to System.exit(). An unauthorized call to System.exit() in a web application creates a denial-of-service condition in the production environment. Typical uses of the SecurityManager across industry by respondents include the following.

As much as the SecurityManager may be considered a niche feature, it’s still used in many popular software products and packages. The following is a partial list of applications from survey respondents that use SecurityManager. The list is not in any particular order and it has not been verified.

Equinox OSGi Framework
IBM iSeries Java Data Access
Fortify Software Security Center
Apache Tomcat Servlet Container
Apache Solr
Apache Lucene
Apache NetBeans
Apache Kafka
Apache Derby
GlassFish Java EE Application Server (CORBA IIOP)
Jamaica-IoT and OSGi framework
Google Guava
SAP NetWeaver
Elasticsearch
Joda-Time

Information about product security features used throughout industry is difficult to determine, so it’s interesting work. I encourage you to review the original article and survey.
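The System.exit() use mentioned earlier, as an added example that is not from the original post or the survey: a SecurityManager that turns an exit call from hosted code into a SecurityException the host can catch, and refuses to let itself be replaced. The names NoExitDemo, NoExitSecurityManager and hostedCode are hypothetical.

```java
import java.security.Permission;

public class NoExitDemo {

    /** Blocks JVM exit and manager replacement; permits every other checked operation. */
    static final class NoExitSecurityManager extends SecurityManager {
        @Override
        public void checkExit(int status) {
            // Runtime.exit() and System.exit() consult this method before halting the JVM.
            throw new SecurityException("System.exit(" + status + ") blocked");
        }

        @Override
        public void checkPermission(Permission perm) {
            // Without this check, hosted code could install its own manager and then exit.
            if (perm instanceof RuntimePermission
                    && "setSecurityManager".equals(perm.getName())) {
                throw new SecurityException("replacing the SecurityManager is blocked");
            }
            // Everything else is allowed: this example restricts JVM exit only.
        }

        @Override
        public void checkPermission(Permission perm, Object context) {
            checkPermission(perm);
        }
    }

    /** Constructed stand-in for application code running inside a container. */
    static void hostedCode() {
        System.exit(1);
    }

    public static void main(String[] args) {
        try {
            System.setSecurityManager(new NoExitSecurityManager());
        } catch (UnsupportedOperationException e) {
            // JDK 17 deprecated SecurityManager for removal (JEP 411). From JDK 18,
            // installing one at run time needs -Djava.security.manager=allow, and
            // JDK 24 disables it permanently (JEP 486).
            System.err.println("SecurityManager unavailable on this JDK: " + e.getMessage());
            return;
        }
        try {
            hostedCode();
        } catch (SecurityException e) {
            System.out.println("Denied: " + e.getMessage());
        }
        System.out.println("Host process still running");
    }
}
```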


Author: milton

For bio, see https://www.securitycurmudgeon.com/about/