said by spiken: Sounds like a weak argument to me...explain what's wrong at least instead of basically saying "nope...not enough...still sucks" :-P
Needless to say, inquiring minds certainly would like to know details about whatever constitutes the "unfixed several security flaws" that Gowdiak states still exist in Java. I do recall reading one reference just yesterday (though I can't retrace just where, out of the very many articles I read) that he had reported at least one of these unfixed flaws to Oracle a year ago, and that it still exists with no response publicly or privately on Oracle's part. Part of the lack of detail in these researchers' warnings may arise from an unwillingness to publicly publish exploit details and immediately expose millions of users, even if the software maker is lax in fixing them.
In any case, my own observation (which has only increased in intensity over a number of years) is that Java is hopelessly vulnerable to attacks that are unusually impacting, and that as fast as these are blocked, new ones are trotted out. I see nothing to change my mind from the current saga, and it's that (sad) conclusion that's led me to finally abandon Java entirely on all my systems. It's just an ongoing, perpetual risk that I'm not willing to run anymore.