Even with security software in place, though, there's no need to leave your devices open to undue risk. If you use Java frequently, or rely on it for specific tasks, you'll need to apply the patches from Oracle, and just keep your guard up for the next threat. However, if you don't really use Java on a regular basis, by all means go ahead and disable or remove it.
When Apple finally got around to patching its version of Java to address the Flashback malware plaguing Mac OS X systems, it also took proactive steps that others should learn from. Apple implemented a system that automatically disables Java if it's not being used. If Java is inactive for 35 days, Apple simply turns it off to remove it as a potential attack vector.
Until or unless Oracle cleans up its act and comes up with a much more streamlined and effective way of dealing with known vulnerabilities, it makes sense to take a hint from Apple.