If there is any conclusion to draw from these proposed mitigation methods is that none of them will fit everyone's needs.

"The most appropriate strategy is going to vary greatly depending on your organization's security posture as well as the extent you are using Java in business critical apps," Stephen Cobb, a security evangelist at antivirus vendor ESET, said Tuesday via email. "All of which makes endorsing a specific strategy for everyone impractical."

Many security experts, including Wisniewski and Cobb, believe that Oracle should break out of its regular 4-month patching cycle and fix this vulnerability as soon as possible. The next batch of security patches for Oracle products are otherwise scheduled to be released in October.