Wow -- whose word to trust?
Local state government in Oregon, or huge multinational software giant and, among other things, curator of Java?
I mean, this is Oracle. They are perfection in coding and pristine in honesty, right?
"Oracle bungled the security updates of its Java SE software so badly it must publish a groveling letter prominently on its website for the next two years." -- El Reg, 22 Dec 2015.
And back in 2013:
Krebs: "Faced with an onslaught of malware attacks that leverage vulnerabilities and design weaknesses in Java, Oracle Corp. recently tweaked things so that Java now warns users about the security risks of running Java content. But new research suggests that the integrity and accuracy of these warning messages can be subverted easily..."
And not just Java... "Montclair State University is suing Oracle over an allegedly botched ERP (enterprise resource planning) software project, saying a series of missteps and delays could ultimately cost the school some US$20 million more than originally planned, according to a complaint filed last week in U.S. District Court for the District of New Jersey." (Montclair "accused Oracle of breach of contract, gross negligence, willful misconduct and fraud.")
Oracle responded that the project failure was all the fault of the University.
Sure it was.
Clearly Oracle can only be utterly blameless in the Oregon brouhaha, for they are pure and true and never ever forked up even a little bit on any project ever. And they never deceived anyone whilst doing so, either.