I'm a broken record, I know, but every month that goes by we get more and more news that suggests that Java developers (and the companies that support Java) are slow to wake up to these threats.
You remember Outlook, maybe some of you are unlucky enough to still use Outlook, but for Microsoft, Outlook was a multi-year security embarrasment. From 1999 to around 2005 it felt like Outlook was having a security vulnerability every other minute. Back then, there were so many that, in technical circles, Outlook became something of a joke to anyone who valued security. In fact, you could make a compelling argument that Outlook's multi-year security challenges were the weak point in the armor that provided an opening to Google's GMail (and once you've decoupled from Outlook, why not try that Macbook Pro you've been eyeing).
If this trend in Java doesn't stop - if we don't stop experiencing billion-user, level 10 CVSS security exploits every other week in Java - all the inertia in the world won't stop a shift to another language or another platform. Check out this news that just crossed the wire yesterday from Softpedia: