Erik Costlow18 articles

Three years after Log4Shell caused a significant security issue, we still struggle with insecure dependencies and injection problems. In this podcast, we’ll discuss how developers can secure their code. I talked with three authors who posted a security and code …

In the last several years, the OpenJDK community has made Java significantly safer for users and developers while at the same time making it easier to design, build, and run applications quickly.

Java users should incorporate several practices to take full benefit from the defenses of the modern JRE.

If raccoons were software engineers, they would feel at home inside many enterprise systems. These systems are often full of unused and dead code.

Intelligence Cloud works with any JVM from any vendor or distribution to slash time from tasks across an enterprise’s entire Java estate.

TornadoVM is a programming and execution framework for offloading and running JVM applications on multi-core CPUs, GPUs, and FPGAs.

A demonstration of log4j exploits, which defenses people tried, and which worked. A look at open source funding models, subscriptions, and bug bounty programs to see why it’s sometimes hard to donate.

With Azul Vulnerability Detection, running the software and getting security insight become the same action.

We invited Java security experts to dive into the fascinating world of secure coding and detecting vulnerabilities in your Java applications!

It’s September 20th, OpenJDK 19 has been released. In this podcast, we discuss the new features and the changes that this release brings.

Christmas revelers and elves are urged to patch their fireplaces, as a Remote Combustion Effect (RCE) vulnerability has been discovered in the traditional holiday YuleLog4J. YuleLog4J is one of the most popular holiday celebrations, appearing in approximately 64% of fireplaces …