Oracle wants to talk about Java security concerns
"It appears that Oracle wants to talk about Java security concerns, but it also appears it doesn't have anything to tell users worried about Java's vulnerability in the browser. In a conference call
(Direct download MP3 file) to Java User Group leaders, Oracle's lead for Java Security, Martin Smith, said the Oracle plan for Java security is "to get Java fixed up and number two to communicate our efforts widely".
Billed by others in Oracle
as the breaking of Oracle's silence on the issue, Smith said "we have to fix Java and we have been doing that", referring to recent updates and the adding of security features. This started with Java 7 Update 10 which set out to stop drive-by attacks from unsigned applets by always making them prompt before being allowed to run. The update also made it easier to deactivate Java in the browser."
Full article at The H Security