It’s a case of good news/bad news for software developer Oracle. In its recent legal woes with the federal government, the company was charged with knowingly putting out software with glaring security flaws. Fortunately, in this particular instance, the Federal Trade Commission didn’t go after massive fines or even jail time for the guilty party. Instead, the FTC settled with Oracle under the condition that the company admit to its users what has transpired, tell them point-blank whether or not their versions of Java SE are compromised, and then work to make it right at no cost to the users.



That doesn’t sound so bad, right? Especially since Oracle doesn’t even have to admit they did anything wrong on record. But there’s a catch: this software is currently running on at least 850 million computers around the world. The FTC may not be levying a fine against Oracle, but this still won’t come cheap to the developer. And unless certain provisions were written into the settlement agreement, this could easily open the door for a class-action lawsuit on behalf of consumers.

After all, the original charges against Oracle include the fact that the company knew Java was vulnerable when the company bought it in 2010. Internal memos seized by the government during the course of their investigation showed that executives knew about the security flaw and decided not to address it. That flaw left the door wide open for hackers to steal information from users’ computers, and at this point there’s little way of knowing how far the impact of that flaw might have gone.

For now, users are being directed to for further directions on removing old versions of the software. Oracle will be following up with further compliance or face additional charges from the FTC.