I maintain a list of JCE (Java Cryptography Extension) providers. While updating the list last week, I noticed that the list had grown shorter. Research revealed three causes. First, most of the smaller commercial vendors have gone out of business. Second, some of the larger vendors no longer offer cyrpto products or haven't released a new version of their software in quite some time. Finally, many of the free software projects no longer appear to be actively maintained. 

This situation is both good and bad. It's good because it implies that Sun's reference implementation is of sufficient quality, and when it's not appropriate there is a reasonable alternative. It's bad because narrowing the field leaves fewer options for developers. This is especially apparent in the free software space, in which only the Bouncy Castle package seems to be in active development.

On the whole, however, I believe the good outweighs the bad. The remaining implementations appear to be of high quality -- in security, quality outweighs almost every other variable including licensing terms and cost.

Here's my current list of JCE providers. Notice how it's beginning to look like Sun's much less frequently updated list.

IBM provides a complete alternative to Sun's reference implementation. Part of their technology appears in their implementation of the JDK. Other pieces are available as part of IBM WebSphere preview technologies for Windows: http://www7b.boulder.ibm.com/wsdd/wspvtindex.html

The Legion of the Bouncy Castle provides a clean room, free software provider for the JCE: http://www.bouncycastle.org

Phaos Technology provides a JCE compatible implementation of their cryptography software in their Phaos Crypto package: http://phaos.com/products/crypto/crypto.html

RSA sell BSAFE Crypto-J includes support for JCE:
http://www.rsasecurity.com/products/bsafe/cryptoj.html

Wedgetail Communications (formerly DSTC Security) sells a broad selection of cryptography solutions: http://www.wedgetail.com/jcsi/