Foojay Today

Java Security: Log4J, the SecurityManager, and Funding

March 24, 2022

A demonstration of log4j exploits, which defenses people tried, and which worked.

We'll cover how the groups that responded effectively went about patching, to see what they had in common.

We'll also look at open source funding models, subscriptions, and bug bounty programs to see why it's sometimes hard to donate.

This talk uses actual exploit code that takes over systems through their log messages to open calculators.

Author(s)

  • Erik Costlow

    Erik Costlow was Oracle’s principal product manager for Java 8 and 9, focused on security and performance. His security expertise involves threat modeling, code analysis, and instrumentation of security sensors.
