Plugging Java’s Holes – Is There a Practical Fix?

IT departments are in a tight spot with Java. The pervasive development language comes with serious security risks, yet many business apps still rely on Java to function. Java ushered in a world of write-once/run-anywhere productivity for developers. Developers need only write their application and let the client-side VM handle all of the cross-platform interoperability. For developers, whether commercial or in-house, this continues to provide resounding leverage.

Although it began as a client-server environment, Java has become tightly integrated with the browser, enabling rich applications to be installed and launched by clicking a web link. This transition from client-server to Web-based was driven by the release of the browser plug-in and the “Web Start” functionality in the Java environment. This integration pushed the proliferation of Java apps, but it has also exposed corporate data to attack. Its architecture, which allows links to invoke the plug-in and access resources on the user’s machine, means that an exploited Java environment can access literally any data on the machine or on your network.

SOURCE: infosecisland.com