Brian Fox

Brian Fox

Biography

Co-founder and CTO at Sonatype, Brian Fox is a member of the Apache Software Foundation and former Chair of the Apache Maven project. As a direct contributor to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin, he has over 20 years of experience driving the vision behind, as well as developing and leading the development of software for organizations ranging from startups to large enterprises. Brian is a frequent speaker at national and regional events including Java User Groups and other development related conferences.

Java Security Jumpstart Workshop
Introductions Cyber Attacks and the Developer Introduction to the current state of cyber attacks. Motivations, objectives, methodologies. Changing the mindset of the developer. Examples and discussions on how individuals, communities and open source projects get attacked and exploited. Learning from the Log4Shell saga. Hands-on demonstration, analysis and discussion of the many ways that the vulnerability can be exploited. Better coding for more secure software Series of hands-on exercises with sample code and discussion afterwards Covers most of the 7 pernicious kingdoms Dealing with Java serialisation How serialisation works and how it’s exploited. How to write safter Java code Alternatives to Java Serialisation Introduction to microstream with hands-on Software Supply chain New government directives that will affect how software is produced and consumed The SBOM forcing function: how open source communities are affected. Why your build pipelines will need turbo-charging Advanced guidance on selecting open source projects -its more than functionality Hands-on review of related open-source tools that should be on your list now Commercial interlude and why good intelligence is vital Snyk / Sonatype portfolios Wrap up