Java Security Resource Center
Developers creating secure applications with Java should familiarize themselves with the following resources:
The Advanced Management Console helps system administators manage old Java versions by which applications need which older Java version. The Advanced Management Console decreases the attack surface of those older versions by limiting their exposure and maintaining compatibility with known-safe applications.
System Administrators are responsible for running Java applications in a secure manner, following principle of least privilege, and staying up to date with Java’s secure baseline (either for standard Java SE or the Server JRE).
End Users running Java on their computers only need a few steps to verify and understand Java security on their devices:
Security Professionals performing system auditing, threat modeling, architecture, or code reviews of Java applications should familiarize themselves with Java’s security architecture and API documentation.