
I wish that were the case.

Large companies tend to have important enterprise applications that require Java to run and, even worse, in some cases upgrading the version of Java on the user's desktop will break the application. You then end up with hundreds or thousands of users with vulnerable versions of Java on the PC that you can't upgrade until the software vendor fixes whatever is wrong with their application.

I've seen it countless times at my previous job (.edu with 1000s of staff and faculty) where we were basically helpless to do anything because absolutely critical applications would break if we upgraded Java on the desktop.

Solution: closely monitor traffic to/from users' PCs, hope for the best, and re-image when they inevitably got pwned.

Before someone chimes in with the obvious "switch to a different application", it's not that easy when you have millions invested and training the user base sometimes takes months.

Yeah, I hate Java.



> Yeah, I hate Java.

What about C and C++ induced security holes?


Indeed. Compare the number of Java vulnerabilities (plugin vulnerabilities included) with the number caused by buffer overflows and such in C/C++.


Oracle BTW offers paid support for old Java versions long after they no longer release public updates. The Feb 2013 end of support date for 6.0 is for free support.
