foojay – a place for friends of OpenJDK

Community manager Brian Vermeer

Java Champions & Developer Advocate and Software Engineer for Snyk. Passionate about Java, (Pure) Functional Programming, and Cybersecurity. Co-leading the Virtual JUG, NLJUG and DevSecCon community. Brian is also an Oracle Groundbreaker Ambassador and regular international speaker on mostly Java-related conferences.

- JEPs
- Security
You’re Running Untrusted Code!

I’m afraid the deprecation of the Security Manager just added several lines to that risk, all linked to running untrusted code.

Nicolas Frankel
January 17, 2022

Read more
- Security
Log4Shell Shows The Need for “Trustworthy Java”

I think the Java community handled this crisis poorly and needs to do much better next time. What do you think?

Karsten Silz
January 10, 2022

Read more
- Security
Java Logging: What To Log & What Not To Log?

Logs are a handy tool to spot mistakes and debug code. For engineers and, specifically, in a DevOps environment, the logs are a very valuable tool.

In this article, I am going to guide you through a pragmatic approach to Java logging—what should we log, what shouldn’t we log, and how to implement Java logging properly.

Brian Vermeer
December 18, 2021

Read more
- Security
Log4Shell / Leak4J

Over the last couple of days (and nights) I’ve been studying the new (extremely dangerous) vulnerability in log4j2 called Log4Shell.

Roy van Rijn
December 15, 2021

Read more
- Security
Log4j2 Isn’t Killing Java

Java developers typically choose from several logging systems or facades. Many of these logging frameworks have grown to work together over the years.

Erik Costlow
December 13, 2021

Read more
- Security
Log4Shell: Critical Log4j RCE Vulnerabilty – Update to Version 2.15.0

On Dec.10, 2021, a new, critical Log4j vulnerability was disclosed: Log4Shell. This vulnerability within the popular Java logging framework was published as CVE-2021-44228 and categorized as Critical with a CVSS score of 10, which is the highest score possible. The vulnerability was discovered by Chen Zhaojun …

Brian Vermeer
December 13, 2021

Read more
- JEPs
- Security
New Java 17 Features for Improved Security and Serialization

In December 2020, I wrote the article Serialization and deserialization in Java: explaining the Java deserialize vulnerability about the problems Java has with its custom serialization implementation. The serialization framework is so deeply embedded inside Java that knowing how dangerous some implementation …

Brian Vermeer
December 02, 2021

Read more
- Security
- Snyk
How Social Trends Help Me Fix Essential Vulnerabilities

Our research team found a strong correlation between socially trending vulnerabilities and the existence of exploits that can actually harm your application.

Brian Vermeer
November 04, 2021

Read more
- DevOps
- Security
PSA: The Risks of Remote JDWP Debugging

Java Debug Wire Protocol (a.k.a. JDWP) was designed for testing internally. Opening it to production is a HUGE security and stability risk…

Shai Almog
October 20, 2021

Read more
- Security
Java: Where the Wild Code Isn’t

In the last several years, the OpenJDK community has made Java significantly safer for users and developers while at the same time making it easier to design, build, and run applications quickly.

Java users should incorporate several practices to take full benefit from the defenses of the modern JRE.

Erik Costlow
October 17, 2021

Read more
- DevOps
- JFrog Artifactory
- JFrog Xray
- Security
- Videos
SolarWinds Hack And The Executive Order Of Cybersecurity: What Does This Mean For Us?

In the past two years, we have had to learn a lot about cybersecurity. New attack vectors are becoming more and more sophisticated and are directed more and more against the value chain in general.

But what does that mean for us? What can be done about it, and what reactions have the state already taken?

Sven Ruppert
August 19, 2021

Read more

Set Event Reminder

Subscribe to foojay updates: