Thursday, 28 January 2016 08:34

Oracle says they will kill off the Java Browser Plug-In... sometime in the future

Written by

Reading time is around minutes.

It seems that the stars might finally align to remove one of the largest security holes in the history of… well history itself. Oracle is announcing that it is finally getting rid of the Java Browser Plug-in… sometime. According to a blog post on the Oracle page they are aware that most (if not all) browsers are already blocking plug-ins like the one in the Java Runtime Environment. These are for security, stability and performance, and really should have been done a long time ago. Over the last few years the Java browser plug-in (along with Flash) has been the vector of choice for many web-based attacks.

Sadly the announcement does not give a timeline for the full removal, it just states that in Java Development Kit 9 the plug-in will be depreciated. Oracle is asking developers to move away from the use of Java applets to their Java Web Start platform, but they are not pushing the move. This means that its usage will be limited and not part of best practices for programing. Considering that a lot of organizations are still on JRE 7.5x or worse it is not likely that we will see any significant impact from this move until 2017 or later.

Plug-in support is likely to remain in place for a long time as there are a number of companies that use Java in their applications. These companies are not going to ramp up development and launch cycles to move to a new Java technology just because Oracle is asking. They will continue to ask their customers to deprecate their security in order to keep working. It is a sad commentary on the industry that most developers know it is more costly to replace an application than it is to deal with potential risks. The bean counters are going to weigh those and stick with the less secure option.

We have been waiting for the death of Flash and Java for years and despite this announcement we will still be waiting on Java to go away for years to come.

Read 2582 times

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.