Oracle's head of Java security, Milton Smith, has assured users of the software that the vendor will fix its security issues and improve communication efforts.
In a conference call with Java User Group leaders, Smith outlined the technology giant's two main goals.
"The plan for Java security is really simple, it's to get Java fixed up, number one; and then number two is to communicate our efforts widely. We can't really have one without the other. No amount of talking or smoothing over is going to make anybody happy or do anything for us. We have to fix Java," he said.
Security experts have regularly suggested that users who do not require Java to open specific websites should simply disable or uninstall the software.
Recently, the US Department of Homeland Security warned that Java was still open to attacks, despite attempts by Oracle, the company behind Java since its acquisition of Sun Microsystems, to fix its vulnerabilities.
A week prior to the US government's warning, it was discovered that Java contained a zero-day vulnerability that could allow hackers to remotely control users' computers by executing arbitrary code.
Last August, it took Oracle a week to release a fix for another zero-day exploit that presented a risk to all web browsers equipped with the software. Vulnerabilities in Java software were also being sold online last year for "five digits", as revealed by security specialist Brian Krebs.
The constant security issues with Java, and what is widely felt to be a lackadaisical response by Oracle, have led to a widespread slating of the software by computer security specialists.
But security is not the only thing Smith wants to improve. Another key issue, he said, is Oracle's communication with users.
"We have lots of different audiences that we need to communicate with... and sometimes it's hard to get our message across," he said.
The Java security head added that the "small" team that works on Java security needs to get better at reaching out to consumers, IT professionals running datacentres and the media.