However, not everyone agrees that companies should migrate to Java 7. Adam Gowdiak, the founder of Security Explorations, a Polish security company with a strong focus on Java vulnerability research, believes that from the prospect of vulnerabilities being found in the code, migrating to Java 7 represents a higher risk than continuing to use Java 6.
"Our research proved that Java 7 was far more insecure that its predecessor version," Gowdiak said via email. "There were also many indications that certain new features introduced into Java 7 such as the new Reflection API didn't run through any security review."
"We are not surprised that corporations are resistant when it comes to the upgrade to Java 7," Gowdiak said. "The number of security bugs we found in Java 7 speaks for itself."
Because of this, Oracle should extend the public support period for Java 6, he said.
According to Oracle's support roadmap for Java, the company will stop issuing public updates for Java 6 after February 2013. Companies interested in receiving Java 6 security advisories, patches and bug fixes, after that date will have to sign up for a commercial extended support service.