Erik Costlow was Oracle’s principal product manager for Java 8 and 9, focused on security and performance. His security expertise involves threat modeling, code analysis, and instrumentation of security sensors. He is working to broaden this approach to security with Contrast Security. Before becoming involved in technology, Erik was a circus performer who juggled fire on a three-wheel vertical unicycle.
Foojay community members and beyond discuss embedded Java, featuring the following speakers:
James Gosling, creator of Java and embedded enthusiast; Frank Delporte, engineer with Toadi, an autonomous lawn-mowing robot; Johan Vos, founder of Gluon, helping make fully cross-platform applications.
Hosted by Erik Costlow, developer relations for Contrast Security, locating security flaws in backend systems.
Foojay community members discuss recent news:
JavaFX Skins for cross-platform apps on Android, iOS, and regular computers.
BlockHound, for detecting cases of blocking in reactive (non-blocking) applications.
JEP 411, the SecurityManager deprecation.
The recent Snyk/Azul community survey.
In the last several years, the OpenJDK community has made Java significantly safer for users and developers while at the same time making it easier to design, build, and run applications quickly.
Java users should incorporate several practices to take full advantage of the defenses of the modern JRE.
Erik Costlow
The SolarWinds attack is unique in that the hackers did not exploit a vulnerability in an application; rather, they broke into the company and attacked the development pipeline. The attackers’ implant worked in the build process, injecting new code into SolarWinds Orion as it was built to enable command & control capabilities on target systems that ran the application.
For Java developers and architects who design, build, and run applications, there are two core takeaways.
Erik Costlow