In January of 2013, Oracle announced plans to reevaluate and strengthen its security protocols. The announcement came after serious vulnerabilities were found in Java 6, coupled with widespread criticism of the company’s rigid patch release schedule.
Throughout the next six months, Oracle did, indeed, take steps to tighten its security, surprising some detractors with its commitment to the issue. Most, if not all, of those security improvements, however, center on the latest version of Java, Java 7.
Unfortunately, as a recent report by security firm Bit9 makes clear, many organizations continue to use Java 6, for which Oracle stopped providing public security updates in April of 2013. Even worse, many endpoint systems run multiple versions of Java side by side, which allows attackers to target the older, still-installed version and its known vulnerabilities.
Java Usage and Version Statistics
Bit9 surveyed over 400 organizations, representing a total of over 1 million distinct endpoint systems. The survey found Java 6 on over 80 percent of systems. It gets worse: the most commonly installed version of Java 6 was Java 6 Update 20, which carries a staggering 215 known security issues. How far behind is this update? The last version of the software was Java 6 Update 45.
Any system using an outdated version of Java 6 is exposed to serious vulnerabilities. Whether you're selling 1994 mustang parts or offering online cloud hosting, outdated versions of Java, or indeed of any program, represent a significant risk of security breaches.
Only 15 percent of endpoint systems surveyed used Java 7, and even those were rarely up to date. Only 3 percent were running Java 7 Update 21, the most recent update at the time of the survey.
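The version numbers quoted above lend themselves to a simple endpoint inventory check. The following Python is an added example, not code from Bit9 or from the article: it parses legacy Java version strings, grades each install against the 6u45 and 7u21 reference points the survey cites, flags hosts with several co-installed versions, and computes the share of hosts still carrying Java 6. The host names and inventory are constructed.

```python
import re

# Reference points taken from the article: Java 6 public updates ended at
# 6u45 (April 2013) and 7u21 was the newest Java 7 release at the time.
LAST_JAVA6_UPDATE = 45
CURRENT_JAVA7_UPDATE = 21

# Legacy version strings look like "1.6.0_20" (major 6, update 20).
VERSION_RE = re.compile(r"^1\.(\d+)\.0(?:_(\d+))?$")

def parse_java_version(text):
    """Return (major, update) for a string such as '1.7.0_21'."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Java version string: {text!r}")
    return int(m.group(1)), int(m.group(2) or 0)

def classify(text):
    """Map one installed version to a risk label."""
    major, update = parse_java_version(text)
    if major < 6:
        return "end-of-life"
    if major == 6:  # past public support; also say how far behind 6u45 it is
        return f"end-of-life ({LAST_JAVA6_UPDATE - update} updates behind 6u{LAST_JAVA6_UPDATE})"
    if major == 7 and update < CURRENT_JAVA7_UPDATE:
        return "outdated"
    return "current"  # 7u21, or newer than the article's reference data

def audit(inventory):
    """inventory maps hostname -> installed Java version strings. Returns
    hostname -> findings; co-installed versions are flagged because the
    oldest one still exposes its known vulnerabilities."""
    report = {}
    for host, versions in inventory.items():
        findings = [f"{v}: {classify(v)}" for v in versions]
        if len(versions) > 1:
            findings.append(f"{len(versions)} Java versions co-installed")
        report[host] = findings
    return report

def java6_share(inventory):
    """Fraction of hosts with any Java 6 install (the survey found over 80%)."""
    hosts = list(inventory.values())
    hit = sum(any(parse_java_version(v)[0] == 6 for v in vs) for vs in hosts)
    return hit / len(hosts) if hosts else 0.0

# Constructed sample inventory, not survey data.
SAMPLE_INVENTORY = {"ws-01": ["1.6.0_20"], "ws-02": ["1.6.0_45", "1.7.0_17"],
                    "ws-03": ["1.7.0_21"], "ws-04": ["1.6.0_20", "1.7.0_21"]}
```

On a real fleet the inventory would come from whatever endpoint management tool records installed software; the grading logic stays the same.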