October 9, 2014 - Waratek, the Java application protection and management company, today announced the results of a survey conducted at the JavaOne 2014 Conference last week. Nearly two-thirds of senior IT professionals polled said their Java applications contain 50 percent or more third party code. Meanwhile, nearly 80 percent believe their applications are somewhat (46%) or very secure (33%). These findings are surprising given the recent disclosure of two massive vulnerabilities in widely used third-party libraries -- the "Shellshock" and "Heartbleed" bugs.

“It’s a well-known fact that custom developed Java applications are largely constructed with third party software libraries that provide no assurances of security or timely vulnerability mitigation,” said Brian Maccaba, CEO of Waratek. “What we found surprising was the high degree of confidence that software developers have in the security of Java applications that use open source components, especially given the widespread threats posed by the recent ‘Shellshock’ and ‘Heartbleed’ software flaws.”

Waratek surveyed more than 100 senior IT executives and Java professionals at the JavaOne 2014 Conference last week about their enterprise and application security concerns. According to those polled:

• Java applications are very secure (33%), somewhat secure (46%) and not very secure (13%)
• Third Party/Open Source code makes up more than two-thirds of applications (27%), more than half (30%), more than a quarter (16%) and less than a quarter (19%)
• The most important considerations in moving Java applications to the public cloud are: security (71%), Stability/Uptime (54%) and Portability/Migration (28%)
• Nearly half (46%) said the ability to run Java applications in a secure container would accelerate their plans to move to the public cloud

The JavaOne conference brings together Java experts and enthusiasts for an extraordinary week of learning and networking focused entirely on all things Java. With more than 550 sessions covering topics that span the breadth of the Java universe, keynotes from foremost Java visionaries, tutorials, and expert-led hands-on learning opportunities, JavaOne is the world’s most important event for the Java community.