Experts say Oracle needs to re-think its approach to security
By Joshua Kopstein on February 22, 2013 12:30 pm
If you’ve been paying any attention to the security breaches hitting Apple, Facebook, Twitter, NBC, and others these past few weeks, you’ve probably noticed a common culprit: our poor old pockmarked friend, Java.
As a web plugin, Oracle’s aging code deployment platform has practically been a revolving door for widespread malware attacks recently, and for years the general consensus has often been that its risks have outgrown its usefulness. After spending a week Java-free back in 2010, PCMag’s Larry Seltzer concluded that the Java platform as a whole “is pretty clearly a failure, and all that remains of it is a big fat attack surface on your computer.”
The situation doesn’t look to be getting any better: since last year, zero-day exploits have been appearing with a crippling consistency, and lately Oracle has found itself fervently rushing to apply patches on an almost monthly basis. One of them, which emerged in January, caused Apple to start blocking Java 7 completely on OS X. And even after it had been patched, the US Department of Homeland Security’s Computer Emergency Readiness Team (CERT) joined security experts in recommending that users keep their Java browser plugins disabled indefinitely. Now many are beginning to wonder, as they have many times before, whether the platform and its associated language are finally on their last legs, about to be pummeled out of existence by hackers and a declining developer base.
Read the complete article at http://www.theverge.com/2013/2/22/4016582/after-so-many-hacks-why-wont-java-just-go-away