Back in March and April, when the Java browser plugin was getting hammered with security holes that were being exploited in the wild, we conducted a couple of unscientific polls here on FOSS Force to determine how our visitors were handling this security crisis.
To call the problems that Java was experiencing at the time a “crisis” is not an exaggeration. If you’ll remember, the situation was considered so serious that here in the U.S., the Department of Homeland Security was urging everyone to disable the Java plugin.
These two Java polls were among the first we conducted on FOSS Force and received about the fewest votes of any polls we’ve conducted so far. Undoubtedly, this was partially due to the fact that we were just beginning to conduct polls on the site, and so polling here was something new to our visitors. Also, our articles on Java security issues received a smaller number of page views than most articles we publish. However, low readership notwithstanding, we will continue to cover serious security issues, because we think it’s important that we do so.
In both polls, we attempted to limit votes to one vote per IP address. Although this is not a perfect way to limit votes, we feel that it suffices for the purpose of these unscientific polls.
The first Java poll began on April 14th and ended on April 28th. It ran inside the article Java Remains Unsafe–Not Likely To Be Fixed Soon. In this poll we wanted to see if our visitors were taking the security warnings about Java seriously, and to see if they were heeding concerns expressed by some security experts that Internet-facing Java was inherently unsafe.
This poll posed the question, “Have you disabled Java in your browser and do you intend to keep it disabled even after all security issues have been fixed?” This poll received a total of 35 answers. Those taking the poll were allowed to select one answer only from a list of seven. In the list below, after each answer is the percentage and exact number of votes received by that answer.
I’ve disabled Java and I intend to keep it disabled forever – 40% ( 14 votes )
I’ve disabled Java but I’ll enable it again as soon as it’s safe – 17% ( 6 votes )
I have not disabled Java but I intend to do so – 6% ( 2 votes )
I haven’t disabled Java and I’m not going to do so – 26% ( 9 votes )
I don’t know how to disable Java – 0% ( 0 votes )
I don’t know – 6% ( 2 votes )
Other – 6% ( 2 votes )
Those who chose the answer “Other” were given the opportunity to supply their own answer. The two answers received here were “needed for work” and “either fix or trashcan Java security hole.”
In the second Java poll we attempted to discover if people thought the security problems in Java were specifically due to the program’s ownership by Oracle, a company that’s often not held in high esteem by members of the Free Software community. This poll was very simple and straightforward, asking the question, “Do you trust Oracle to keep browser-side Java secure?” The four answers available in this poll were Yes; No; Doesn’t matter, I’ve disabled Java; and Other. Again, users answering “Other” were allowed to supply their own answers.
This poll ran from April 22nd through May 6th and was placed inside the article Oracle Serious About Java Security–Maybe and received a total of 16 votes, half of which voted No. Second place went to “Doesn’t matter, I’ve disabled Java” with five votes or 31% of those cast. Two people voted Yes and Other received one vote. The Other vote indicated that he or she trusted Oracle “somewhat.”
Although both of these polls represent much too small of a sampling to be considered indicative of anything–it’s still fair to say that FOSS Force’s readers don’t particularly trust either browserside Java or Oracle, which is pretty much what we expected.