An early January Java zero-day bombshell has been just the inauspicious start to 2013 that many security researchers needed to set off talks again about the future of Java as a software platform. It's a continuation of a drumbeat that started after last year's rash of zero-days and one that's now gained an officious band leader in the form of the Department of Homeland Security's Computer Emergency Readiness Team (CERT), which this week suggested users disable Java in Web browsers.

But disabling Java is not a simple prospect for enterprises that may depend on it heavily to run business-critical applications.

"For a lot of home users, it's true you can disable Java or uninstall Java and it may not really affect your experience online," says Liam O Murchu, research for Symantec Security Response. "But for businesses, Java is used a lot for more heavy-duty applications. So from a business point of view it is a little more difficult to say 'OK, let's disable Java,' because it may be needed for your day-to-day business."