If you are tired of unpatched Java being a continuing unresolved problem, if you are tired of business units always pushing back saying you can't upgrade Java because it will break their apps, don't politely ask them anymore. Instead, create a whitepaper for your company. Show them how unpatched Java is wreaking havoc across the enterprise. Show them how Java is the No. 1 problem and is causing the most risk.
Then present the challenges. Then present the solutions. Then send this paper to your boss and hopefully up the chain of command until it reaches and gets approved by the CIO.
You can't fix the problem, because of the potential operational issues, until you have the seal of approval from senior management. So get on with it! Get senior management involved.
I can't think of a C-level officer, when shown his company's No. 1 problem in a particular area, who won't feel a fiduciary duty to commit the resources to allow his people to solve that problem. Not doing so would put that officer at risk to his own bosses.
In most companies senior management has no idea that Java is their No. 1 problem. I'll go further: In most companies, most of the IT security staff doesn't understand that Java is their No. 1 problem. How can you expect to solve your problems if the senior managers involved and the worker bees don't understand the risks and threats?
That's the silver lining behind this latest and most serious threat: No one can ignore the problem anymore. Responsible companies are going to need to carve out the resources to address it.
This story, "Just patch Java? Easier said than done," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com.