The Anatomy of Java Vulnerabilities

Track: Security
Abstract
Java is everywhere. According to Oracle, it’s on 4 billion devices and counting. As we’ve seen with vulnerabilities like Log4Shell, keeping up to date with patches is critical, but each time you do, it’s an opportunity to break your code or let a new vulnerability in. How do you decide what to patch and what to ignore? In this talk, you’ll learn about Java vulnerabilities in general: what a ‘vulnerability’ actually is, and how vulnerabilities are discovered, reported, managed, assessed and fixed, as well as hearing a little about the specifics of attack vectors and bad actors. Understanding how to choose your dependencies more wisely, to reduce your exposure and keep your application working, is a skill we all need to grow. Start here to begin that journey.
Steve Poole
Developer Advocate, Security Champion, DevOps practitioner (whatever that means). Long-time Java developer, leader and evangelist. I’ve been working on Java SDKs and JVMs since Java was less than 1. I’ve also had time to work on other things, including various JSRs and being a committer on various open source projects, including ones at Apache, Eclipse and OpenJDK. A seasoned speaker and regular presenter at international conferences on technical and software engineering topics.
Theresa Mammarella
Theresa’s current role is as a developer advocate at Sonatype. She is a software engineer and open source contributor, especially focused on JVM- and compiler-related projects.