Keep in mind that the exploiters are moving faster than the companies. Java is pretty much ALWAYS vulnerable.
Central tenet of information security is that there's no such thing as being secure. Focus on the response, and minimizing losses from the INEVITABLE breach.