The Java Zone is brought to you by Stormpath—offering a pre-built identity API for developers. Easily build powerful user management, authentication, and authorization into your web and mobile applications. Check out this tutorial to build a simple web app with Spring Boot and Spring Security in 15 minutes.
Two weeks ago, we ran a poll asking how safe this community felt Java was after the debacle with the Java web plugin. As you can see below, there was a fairly even split in the community when it came to whether it was something worthy of concern.
Reading the write-ins, it is fairly clear that a big part of the lack of concern comes from an acknowledgement that server-side Java was entirely unaffected by the security concerns. In fact, client-side Java was rather lightly affected compared to the fuss the issue raised. Many of the respondents who were concerned were worried about public opinion, not about the specific vulnerability in the Java web plugin.
The next question was slightly loaded: it implied that Java wasn't safe to begin with. A good portion of negative responses reflect a belief not that Java isn't safe now, but that it was never unsafe.
Most people responded that Java was safe once more, but would state later in the "What are the ramifications?" section that Oracle/Java would suffer for the issue. This was, again, explained as resulting from Oracle's PR nightmare. You have a huge number of people hearing "Java" and "vulnerable" from a credible source, who don't know better than to group all of Java together, browser plugin or not. There is an ill-at-ease feeling lingering in regard to Java amongst the non-technical that may take a long time to dispel. The big remaining question, then, would be whether that issue would be enough to push Java into obsolescence. What did DZone's community think?
In short, over 70% of the community felt that this mistake doesn't mean a lot on its own. About 21% felt that if things like this exploit continue to occur, Oracle will have real problems on its hands. About 23% felt that people will trust Oracle and Java more after this, and the write-ins made it clear that, mostly, people will distrust Oracle. A little less than 30% simply felt Java was too integral or this was too insignificant to really have an effect.
The one thing that this whole fuss could practically mean is that the Java web plugin might die soon. With so many people having disabled their plugin and experienced almost no adverse effect, it certainly seems possible for the public at large to move beyond browser Java, which wouldn't be a huge loss for Oracle, by any means.