Author: Erik Costlow

Erik Costlow

Erik Costlow was Oracle’s principal product manager for Java 8 and 9, focused on security and performance. His security expertise involves threat modeling, code analysis, and instrumentation of security sensors. He is working to broaden this approach to security with Contrast Security. Before becoming involved in technology, Erik was a circus performer who juggled fire on a three-wheel vertical unicycle.

  • Book Review: “Quarkus for Spring Developers”

    Quarkus for Spring Developers is a straight-forward guide to enable senior developers to quickly shift their Spring skills to leverage the “supersonic subatomic” Quarkus framework, and junior/mid-level developers to learn two frameworks at once.

    The book gets straight to the point of Quarkus’ speed before the first chapter, with the foreword providing a real world testimonial of Quarkus software that many Java developers already use.

    Erik Costlow
    Read more
  • Foojay Podcast #3: Journey to Jakarta EE

    Foojay community members discuss the modernization of Jakarta EE applications from the older Java EE form, including backwards-compatibility, as well as forwards-excitement about cool new developments like Microprofile.

    Read more
  • Foojay Podcast #2: Embedded Java

    Foojay community members and beyond discuss embedded Java, featuring the following speakers:

    James Gosling, creator of Java and embedded enthusiast; Frank Delporte, engineer with Toadi, an autonomous lawn-mowing robot; Johan Vos, founder of Gluon, helping make fully cross-platform applications.

    Hosted by Erik Costlow, developer relations for Contrast Security, locating security flaws in backend systems.

    Read more
  • Foojay Podcast #1

    Foojay community members discuss recent news: JavaFX Skins for cross-platform apps on Android, iOS, and regular computers, BlockHound, for detecting cases of blocking in reactive (non-blocking) application, JEP 411, the SecurityManager deprecation, and the recent Snyk/Azul community survey.

    Read more
  • Java: Where the Wild Code Isn’t

    In the last several years, the OpenJDK community has made Java significantly safer for users and developers while at the same time making it easier to design, build, and run applications quickly.

    Java users should incorporate several practices to take full benefit from the defenses of the modern JRE.

    Erik Costlow
    Read more
  • The SolarWinds Hack for Java Developers

    The SolarWinds attack is unique in that the hackers did not exploit a vulnerability in an application, rather they broke into the company and attacked the development pipeline. The attackers’ implant worked in the build process,

    injecting new code into SolarWinds Orion as it was built to enable command & control capabilities on target systems that ran the application.

    For Java developers and architects who design, build, and run applications, there are two core take-aways.

    Erik Costlow
    Read more

Subscribe to foojay updates:

https://foojay.io/feed/
Copied to the clipboard