Re: So Java no longer the main attack vector?
A reduction in Java attacks has nothing to do with Oracle making it more secure and everythign to do with no one installing it. These days you only install Java if a user actually needs it and unless you've been writing LOB apps in Java those users are few and far between.
If MS would stop Windows Update foisting Silverlight on people who don't need it (almost everyone) then it would be less of a problem too.