A recent conference call with Java’s head of security, Milton Smith, said the right things. As an organization it seems like Oracle finally realizes just what a problem they’ve got for themselves and that the road to cleaning up the mess is more than a single patch. Oracle is taking steps like automatically removing older versions of Java when you update to the latest, as reported in The Register. If one has a broken application, one of the most important steps is to get your customers down to fewer different versions. It is a painful process because there will often be short term customer attrition during that phase. Yet history has shown that this consolidation leads to better overall products and increased innovation.