So Java no longer the main attack vector?
Interesting. It seems that Oracle's focus on fixing Java's security is finally working. Meanwhile, it's now "secure" .NET the one growing holes. Okay, maybe they're targeting Silverlight because that one's suffering a slow, silent death these days...