We are using a log and event manager software which incorporates its own installation of Java 6. Towards the end of the year they will be issuing a software update which will use whatever the latest version of Java 7 is, but there will not be a feature for software subscribers to keep that version up to date. Since this installation of Java is not in the default install location for Java, and since the nodes on which the log and event manager agent is being installed are not used to browse the web, are we really secure from future vulnerabilities found in Java? In other words, would updating the default installation of Java be enough to keep these nodes secure from Java vulnerabilities? The vendor says their installation is sandboxed.