Java Security: Log4J, the SecurityManager, and FundingMarch 24, 2022
A demonstration of log4j exploits, which defenses people tried, and which worked.
We'll cover how groups responded effectively to patch to see what was common.
We'll also look at open source funding models, subscriptions, and bug bounty programs to see why it's sometimes hard to donate.
This talk uses actual exploit code that takes over systems through their log messages to open calculators.