Friends of OpenJDK Today

Java Security: Log4J, the SecurityManager, and Funding

March 24, 2023

Author(s)

  • Erik Costlow

    Erik Costlow was Oracle’s principal product manager for Java 8 and 9, focused on security and performance. His security expertise involves threat modeling, code analysis, and instrumentation of security sensors. ...

A demonstration of log4j exploits, which defenses people tried, and which worked.

We'll look at how groups responded effectively when patching, to see what they had in common.

We'll also look at open source funding models, subscriptions, and bug bounty programs to see why it's sometimes hard to donate.

This talk uses actual exploit code that takes over systems through their log messages to open calculators.
