Speaker Details

Steve Poole

Sonatype

Me

Log4Shell : Armageddon or Opportunity?

Conference
Security

It’s said that everyone remembers where they were when a momentus event occurs. Where were you on the 10 December 2021 or did the most comprehensively dangerous Java vulnerability pass you by?


Don’t be fooled into thinking it’s all over. Even by mid year the number of vulnerable servers will still be high because organisations still fail assess their vulnerability state correctly.  


In this talk I’ll cover, in detail, the actual mechanics of the vulnerability and demo a simple attack. I’ll take you through why this vulnerability can be as bad as it gets and explain what the options are to protect you application and how to assess if you’re still at risk. 


It’s not all bad news. The Log4Shell wake up call shows us that we’re not paying the right sort of attention to security across the board but we can learn to do better. I’ll end the talk with explaining why security really matters, what developers can do improve their understanding of security principles in general and cover some of the practical next steps that are available.  


Log4Shell is changing our world - let’s make sure its for the right reasons. Opportunity is knocking on your door.


The secret life of Maven central

Conference
Build & Deploy

It’s just there. Just like the stars, just like electricity, just like Java.

In the Java world Maven central is the most important single service. You can get Java SDKs and even container images from various vendors but Java code comes from only one place: Maven central. 

Serving overt 10 billion requests a week, Maven Central is sooo boring, sooo reliable that it’s understandable that it’s mostly invisible. It’s just there.  


Recently though we’ve seen questions raised about the Java code that is hosted there. Other repositories have been experiencing unprecedented attempts to upload malware and even in the Java world there are significant vulnerabilities that some have called to be removed.

This talk is intended to give you the background into the history of Maven central, explain why Sonatype,( who are the stewards of Maven Central), provide such a critical service and what our philosophy is for dealing with problematic content. We’ll also explore how the service works under the covers, the API’s you might not be aware of and what’s coming up next.


Maven Central is not going away - but it might just get more exciting!



JAVA JEP'DY

Community Event
Java

Inspired by the original Jeopardy TV series, join us for a game where contestants have to use to guess the question from the clues given. For instance the clue “In Java 15 we said goodbye to this German rhinoceros”. might have the question “What is Nashorn”. Simple huh? Each successful answer scores points. Each wrong guess costs points. Winner takes all.


Join us for some fun.