The Anatomy of Java Vulnerabilities

Track: Security
Java is everywhere. According to Oracle, it’s on 4 billion devices and counting. As we’ve seen with vulnerabilities like Log4Shell, keeping up to date with patches is critical, but each time you do, it’s an opportunity to break your code or let a new vulnerability in. How do you decide what to patch and what to ignore? In this talk, you’ll learn about Java vulnerabilities in general: what a ‘vulnerability’ actually is, and how vulnerabilities are discovered, reported, managed, assessed and fixed, along with a little about the specifics of attack vectors and bad actors. Understanding how to choose your dependencies more wisely, to reduce your exposure and keep your application working, is a skill we all need to grow. Start here to begin that journey.
Theresa Mammarella
Theresa’s current role is as a developer advocate at Sonatype. She is a software engineer and open source contributor, especially focused on JVM and compiler-related projects.