InfoWorld - Security Adviser: Why you can't dump Java (even though you want to)
So many recent exploits have used Java as their attack vector, you might conclude Java should be shown the exit
By Roger A. Grimes
MAY 08, 2012
Java's direct responsibility in the recent Mac Flashback Trojan attacks has many calling for Java's retirement, including InfoWorld's own Woody Leonhard:
http://www.infoworld.com/t/java-programming/its-time-run-java-out-of-town-190525
It's understandable. Unpatched Java is responsible for a sizable proportion of today's successful Internet browser attacks, including two compromises I've suffered over the last couple of years. It's also been the culprit behind nearly every Windows exploit that's affected friends and family, aside from the pure social engineering exploits from phishing, Craigslist scams, and so on.
Those anecdotal experiences are backed up by good data. Microsoft's Security Intelligence Report 11 shows Java exploits are by far the biggest ongoing problem impacting monitored Windows computers. Java has been bedeviled by hundreds of security vulnerabilities over time. Go to any security vulnerability database and you'll see dozens of bug fixes each year since Java's creation in 1995. You'd be hard-pressed to find any single application that has hosted as many security bugs as Java.