Josh Fruhlinger
Contributing Writer

Layers of Java security (holes)

Jul 11, 2008 (1 min)

Interesting post on the WashPo’s Sun security blog. Another Java security patch is going out, and though theoretically it’s for Java 6, it also patches holes in older software that might still be on your machine — and there is almost certainly older software still on your machine. One of Java’s dirty little secrets is that there tend to be multiple versions of the JVM on any machine for backwards-compatibility reasons — but that leaves dangerously unpatched, unmaintained older code lying around. This strikes me as an upshot of having the JVM almost be like an OS-within-an-OS for code to run on — it leaves Sun with a burden not felt by other language creators. There will apparently be some Java-related security presentations at the upcoming Black Hat seminar — some of which will concern unpatched bugs.