From the comments, something I agree with:
Java is a general purpose programming language with the best portability profile of the lot (given its feature set) and as such, the vast majority of Java users are using it instead of using C, C++, COBOL, etc. on many platforms and for them those security issues of Java on the web is not really important. For Oracle, IBM and many other big companies (Google included), Java does a great service of a portable general purpose language and this is not going away anytime soon. I do agree with your point that Oracle needs to get its act together in being more responsive, more responsible and more transparent in handling security issues. Microsoft has done tremendous job on that front (even if they are still fighting their hairy legacy). I also agree with you that open source is not in their DNA (Larry’s – it just gives him the creeps).Bugs notwithstanding, it is important to keep in mind that this entire discussion is relevant ONLY to the use of Java as a language for safely downloading applications (or applets) on the web. For that, the world is slowly learning, Java is not so much better than Microsoft’s ActiveX which runs native code even though it was designed to allow sandboxing. This is also the reason why many people today are skeptic about Google’s NaCL project which offers similar premises.
I agree that open source really isn't Oracle's forte. My father works for Oracle and said that letting Apache take over OpenOffice was one of their smartest moves because they really needed the man power on other projects. This article does raise concerns for me though.