Erik Costlow14 articles

Erik Costlow was Oracle’s principal product manager for Java 8 and 9, focused on security and performance. His security expertise involves threat modeling, code analysis, and instrumentation of security sensors. He is working to broaden this approach to security with Contrast Security. Before becoming involved in technology, Erik was a circus performer who juggled fire on a three-wheel vertical unicycle.

Latest post Foojay Podcast #17: Execute Java Code with TornadoVM on CPUs, GPUs, and FPGAs

TornadoVM is a programming and execution framework for offloading and running JVM applications on multi-core CPUs, GPUs, and FPGAs.

March 27, 2023

Java Security: Log4J, the SecurityManager, and Funding

A demonstration of log4j exploits, which defenses people tried, and which worked. A look at open source funding models, subscriptions, and bug bounty programs to see why it’s sometimes hard to donate.
Erik Costlow

March 24, 2023
Security
Videos
Moving Security into the JVM

With Azul Vulnerability Detection, running the software and getting security insight become the same action.
Erik Costlow

February 17, 2023
Release Notes
Security
Foojay Podcast #7: Security in Java, what do we need to know and how to keep our applications secure?

We invited Java security experts to dive into the fascinating world of secure coding and detecting vulnerabilities in your Java applications!
Brian Vermeer,

Erik Costlow,

Frank Delporte

November 21, 2022
Developer Tools
DevOps
Foojay
Java Core
Podcast
Security
Foojay Podcast #5: OpenJDK 19 Discussion Panel

It’s September 20th, OpenJDK 19 has been released. In this podcast, we discuss the new features and the changes that this release brings.
Deepu K Sasidharan,

Erik Costlow,

Frank Delporte,

Miro Wengner

September 20, 2022
Java Core
Podcast
Project Panama
Records
Sealed Classes
Santa Claus Issues YuleLog4J Advisory

Christmas revelers and elves are urged to patch their fireplaces, as a Remote Combustion Effect (RCE) vulnerability has been discovered in the traditional holiday YuleLog4J. YuleLog4J is one of the most popular holiday celebrations, appearing in approximately 64% of fireplaces …
Erik Costlow

December 24, 2021
Foojay
Log4j2 Isn’t Killing Java

Java developers typically choose from several logging systems or facades. Many of these logging frameworks have grown to work together over the years.
Erik Costlow

December 13, 2021
Security
Foojay Podcast #4: Why So Many JDKs?

In this podcast, we explore the topic of why there are so many JDKs, how are they the same, and how they are different!
Erik Costlow,

Simon Ritter

October 19, 2021
Podcast
Java: Where the Wild Code Isn’t

In the last several years, the OpenJDK community has made Java significantly safer for users and developers while at the same time making it easier to design, build, and run applications quickly.

Java users should incorporate several practices to take full benefit from the defenses of the modern JRE.
Erik Costlow

October 17, 2021
Security
Book Review: “Quarkus for Spring Developers”

Quarkus for Spring Developers is a straight-forward guide to enable senior developers to quickly shift their Spring skills to leverage the “supersonic subatomic” Quarkus framework, and junior/mid-level developers to learn two frameworks at once.

The book gets straight to the point of Quarkus’ speed before the first chapter, with the foreword providing a real world testimonial of Quarkus software that many Java developers already use.
Erik Costlow

October 04, 2021
Book Review
Books
Foojay Podcast #3: Journey to Jakarta EE

Foojay community members discuss the modernization of Jakarta EE applications from the older Java EE form, including backwards-compatibility, as well as forwards-excitement about cool new developments like Microprofile.
Erik Costlow,

Ivar Grimstad,

Josh Juneau,

Rudy De Busscher

August 31, 2021
Jakarta EE
Podcast

1-11 of 14

Erik Costlow14 articles

Set Event Reminder

Subscribe to foojay updates: