During its survey the company gathered information from numerous endpoints and reported a striking result: more than three quarters of Java clients are running versions of Java that are at least six months out of date. Digging further into the details, the survey noted that more than half of the participating organizations were more than a year out of date. This degree of neglect makes their computers easy prey even for non-targeted attacks that exploit Java vulnerabilities.
Another section of the report disclosed that over a quarter of the participating companies received their last Java update four years ago. Moreover, the ratio of firms using the latest version of Java came out to be 1:20. This probably means that in most of the firms the applications have never been updated at all. According to another finding, this makes 98 per cent of the endpoints a soft target for the most recent vulnerability, CVE-2013-1493. In fact, more than a quarter of them have been exposed to CVE-2012-5076 since November 2012.
What adds to the seriousness of this finding is the recent series of damaging attacks and vulnerability exploitations. It is worrisome that, despite such security threats, organizations are turning a blind eye to the dire need to update their Java applications.
According to Websense officials, more than 77 per cent of the user base is working on Java versions that are dead and will not be receiving any patches or updates. Some of the versions are not even supported by Oracle anymore.
Examining the statistics published by Websense brings out two major challenges faced by Java users. Firstly, the majority of users are not able to access the security patches, and secondly, those who have patched their applications are finding it difficult to cope with the rigorous update cycle.
The reputation of Java as a development platform has degraded over time, so much so that industry experts are advising users to ditch Java completely, or at least to try to do so at the earliest opportunity. Even though Oracle has been prompted to incorporate new security features as part of application whitelisting, there seems to be no easy way out of this situation until the patches and updates are promoted on a larger scale and in a more targeted manner.