The real world would be nicer if Oracle actually worked on fixing Java security issues. They have a bad history of pretending that security holes have been fixed and/or pretending that they do not exist, while exploits run rampant.
Most of Java is open-source now. I wonder why the dependence on Oracle is so high. If Apache or a similar foundation would fork(+) and adopt it, it will benefit the Java eco-system tremendously.
Mozilla working on the web platform has more impact. The sites that still rely on a Java plugin were expecting binary compatibility and a big vendor's security support because that sounds cheapest long term, now that it doesn't happen, heads in the sand or a web port are a lot more likely than forking Java.
Apache did try to fork it with Harmony ( http://harmony.apache.org/ ), but Sun pulled every trick in the book to keep people from contributing and/or adopting it. Then again, the code is still extant, could be time to pull it out of the attic.
Indeed, but the situation has changed now. Sun, just before it got acquired by Oracle, had open sourced the last remaining puzzle: the Java compatibility test suite. Which allows anyone to run the test suite, claim and validate that their software is conformant with Java.
Not quite. You have to have your code "substantially based" upon OpenJDK, and be GPLed, in order to use their validation suite. So Harmony still would not be able to use their validation suite.
