The nature of the Java problem is thorny and many-sided, but the underlying question remains: How to get away from our dependency on Java? InfoWorld's Woody Leonhard lays out excellent step-by-step instructions for how users can immediately disable Java in their browsers. But as Gruman observes, users aren't the real problem -- businesses are. Ultimately, the security ball is in enterprise IT's court, and as Grimes rightly highlights, this issue needs to become a top company priority:
If you are tired of unpatched Java being a continuing unresolved problem, if you are tired of business units always pushing back saying you can't upgrade Java because it will break their apps, don't politely ask them anymore. ... Show them how Java is the No. 1 problem and causing the most risk. ... In most companies, senior management has no idea that Java is their No. 1 problem. I'll go further: In most companies, most of the IT security staff doesn't understand that Java is their No. 1 problem. How can you expect to solve your problems if the senior managers involved and the worker bees don't understand the risks and threats?
After this latest bout of collective hand-wringing is over, maybe enterprises and vendors alike will wake up to the risks. Gruman suggests that one step in weaning our current operating systems and apps off Java is for the feds to designate operating systems that are not Java-free as noncompliant with security standards for gaining or renewing government contracts. "Loss of income is the motivation that vendors and developers need," he writes.
Hit 'em in the bottom line. We can't afford to tolerate the Java problem anymore.
This article, "Why the Java threat rang every alarm," was originally published at InfoWorld.com.