Despite the significant Java security improvements made by Oracle during the past six months, Java vulnerabilities continue to represent a major security risk for organizations because most of them have outdated versions of the software installed on their systems, according to a report by security firm Bit9. Bit9's report was released Thursday and is based on data about Java usage collected from approximately 1 million enterprise endpoint systems owned by almost 400 organizations that use the company's software reputation service.