Java was originally released with the slogan “write once, run anywhere,” which was intended to underscore its cross-platform capabilities. Over time, Java has become ubiquitous on endpoints, so “run anywhere” can be interpreted as referring to its ubiquity. Even as fewer websites and Web applications require Java in order to operate properly, the technology is pervasive on virtually every end-user system. For a variety of reasons, Java also has become a platform that is highly vulnerable to attack.
Java’s ubiquity and vulnerabilities have made it the technology most frequently exploited by cyber attackers. So it is timely to closely explore the breadth and state of its deployment among enterprises. Bit9 undertook an examination of these questions, leveraging endpoint data across many organizations. The results are surprising and concerning: