It's not that Java is especially vulnerable or poorly maintained, or that Oracle people can't write a patch as fast as icedtea people. We are used to patch, configure, make install, but you have to remember Java is SUN tech, and SUN took pride in elegant code (zfs, dtrace, etc.) and could never understand the market preferred less elegant code with non-primitive plumbing.
I suspect that to transform changed JVM code into something that can be downloaded for Windows/Solaris/Linux, Oracle needs its people to click in various GUI tools, drag and drop files from folders to folders, get approval from various management and QA teams (either physically or through some web forms), and that the whole thing is such a manual bureaucratic nightmare they pretty much can only do releases on a schedule prepared months in advance.
The modus operandi of a company like SUN/Oracle is light years away from that of the Linux kernel, where Linus could freeze operations for a few weeks to write git, just because he didn't like his tooling, and wanted something more efficient. At Sun/Oracle some people write code and others transform it into product binaries, and no one in the first group would even dream of intruding on what the second group does.