Almost 95 per cent of endpoints running Java and making active requests are currently vulnerable to at least one Java exploit.
According to research by Websense Security Labs, almost 75 per cent of end-users are using a Java Runtime Environment release that is more than six months out of date, while almost two-thirds of users are a year behind and more than 50 per cent are two years behind.
Websense said that it added Java version detection to its advanced classification engine to get real-time telemetry about which versions of Java are actively being used across tens of millions of endpoints. It also found that only about five per cent of active users were using the latest Java Runtime Environment (1.7.17).
In other Java news, Coverity has launched a scanning tool for Java open source projects. Jennifer Johnson, chief marketing officer at Coverity, said: “We have worked with the leading open source projects in the C/C++ community to help them find and fix issues in their software.
“By extending Coverity Scan to now include Java projects, we will be able to help drive even higher levels of software quality and security throughout the open source community.”