The "Best Practices" I keep seeing by the experts on this topic are "java will always have security problems"
I behave as if that were true, by keeping Java turned off and and Flash blocked until I choose to allow it for specific tasks or web sites. But that 'best practice' comment really was about how to deal with JavaScript and its vulnerabilities. I suppose I could have been more clear about that.
