At the turn of the millennium, IT organisations had about 60 days to fix software vulnerabilities. That is, it took about two months to go from announcement to widespread exploitation. Fast forward to 2022 and, well, it’s not good. Zero-day vulnerabilities have come and gone.
The world now has to learn how to deal with widespread exploitation happening before a fix is available. In this session we’ll look at Cybercrime and its bigger, more dangerous cousin: Cyber-warfare.
I’ll explore the drivers behind the radical shift, the software arsenal available, and how and why developers are both targets and unwitting helpers.
Quick demos of Log4Shell and SpringShell will help us understand the basics of how we make software vulnerable and, maybe, what we can do to reduce the risks. Governments are beginning to understand the threat as well, and new ideas and directives are emerging. However, these have consequences for developers too.
The last 20 years have been a long wake-up call. The next 20 may see software development change beyond recognition.
Steve Poole
Steve has been working on Java SDKs and JVMs since Java was less than 1 year old - that's a long time! His current role is Developer Advocate at Sonatype, the company that automates software supply chain security to accelerate developer innovation.
His credentials are equally long: Developer Advocate, Security Champion, DevOps practitioner (whatever that means), long-time Java developer, leader and evangelist. JavaOne Rockstar, JSR leader and representative, committer on open source projects including ones at Apache, Eclipse and OpenJDK.
Steve is a seasoned speaker and regular presenter at international conferences on technical and software engineering topics.