Cisco: 91 percent of all successful Web exploits involve Oracle Java JRE. Java has led the way as the No. 1 vulnerability since at least June 2010, when Microsoft reported Java overtook Adobe PDFs as the top concern. Oracle or Java’s previous owners shouldn’t get all the blame for the bad rap Java is earning. Java comes with a built-in autopatching routine that, if allowed to run, will close the latest known vulnerabilities and ensure older versions are no longer left behind.”]
Source: https://www.csoonline.com/article/2610267/patching-has-failed–so-it-s-time-for-java-to-go.html