While many home users don't need Java in their browsers, people in some parts of the world might. In Denmark, for example, online banking and government websites use a log-in mechanism called NemID that requires Java support, Eiram said. Similar cases might exist in other countries.
In those cases, the click-to-play feature in Chrome and Firefox, or the Zones mechanism in IE, could be used to let Java content load only from certain websites. A less technical solution would be to use one browser with Java disabled for general tasks, and a different browser with Java enabled for trusted websites that need Java support.
Restricting the use of Java in corporate environments is more difficult. Many companies use internal and external Web-based applications that require the Java browser plug-in to run. Features like click-to-play are not suitable for corporate environments where policies need to be centrally managed and enforced.
"Making Java more configurable will help IT administrators deploy Java in the right fashion for the organization's requirements," Kandek said. "Higher default security levels and the easy disconnect from the browser are a good start, but I believe we will need to improve the white-listing capabilities of browsers or the Java plug-ins."
For the moment, the Zone mechanism in IE offers the most scalable management capabilities for the Java plug-in in corporate environments, Kandek said.
The recent wave of Java-based attacks, including the one that resulted in security breaches at Microsoft, Facebook, Apple, and Twitter, might have damaged Java's reputation, Eiram said. But if businesses had confidence in Java as being safe and secure, "they haven't been heeding the plentiful warnings provided by researchers for a while," he said.
It's not only Java's reputation that might have been damaged. It's likely some companies are asking whether Java's poor security is reflected in other Oracle products, Gowdiak said.
Eiram hopes the recent attacks will cause companies to re-evaluate whether they need Java in their environments.
"Companies in general are migrating to pure HTML5-based applications and moving away from plug-ins like Flash, Silverlight, and Java," Kandek said. "Java will continue to grow on the server side, where its powerful processing capabilities are absolutely needed."