We have a AWS based back-end, mostly running NIX operating systems. We recently migrated over 1K JAVA instances to Corretto and were pleasantly surprised to see thousands of JAVA vulnerabilities disappear - almost overnight. It was so rapid, it raised some suspicions as to whether our scans had broken.
Upon closer inspection, the underlying NIX hosts are still being scanned, and are fully authenticated. I could only find 2 QIDs with "Corretto" in the title. I don't see any detections related to JAVA on these new hosts.
Are we really rid of JAVA related exploits by moving to Corretto? I went out and bought a new unicorn to carry me as i begin delivering the good news to management but figured i needed a second opinion first. Am i missing something?