*NetBeans Dream Team*
*President Greenville Java Users Group
Java Users Groups Community Leader
Java Enterprise Community Leader*
For me the main issue is not the security flaw by itself but the image that
it is giving Java as the new Flash for exploits because of the lack of an
easier mechanism for fast zero-day updates or a visible source of
information about security flaws and the actions to erase the bugs.
I know that OpenJDK has a bug tracker but I'm a developer that loves Java.
In general administrators are more comfortable with a single page with a
report talking about these issues and clear release schedules for the
patches where faster is better. I know this point is very debatable but that
is the way it is.
In Linux distributions root privilege escalations are more common than
people believe but the difference resides in the fact that you can expect
a patch in two or three days (at most) and the idea that I received from
the sentence "Oracle has yet to comment on the reports or say when it plans
to fix the vulnerability. The next scheduled patch release isn't until the
middle of October" is not very comforting. Maybe Oracle has to improve its
public relations concerning security issues :).