Speaker Details

Steve Poole
Sonatype

Developer Advocate, Security Champion, DevOps practitioner (whatever that means). Long-time Java developer, leader and evangelist. I’ve been working on Java SDKs and JVMs since Java was less than 1. JavaOne Rockstar, JSR leader and representative, committer on open source projects including ones at Apache, Eclipse and OpenJDK. A seasoned speaker and regular presenter at international conferences on technical and software engineering topics.

Log4Shell and SpringShell are just the vulnerabilities that managed to get everybody’s attention, but vulnerabilities that can be as harmful as them are discovered daily. Staying safe requires good tools and sound data. Getting that right can be a challenge.


With real-life examples and up-to-the-minute analysis, this presentation will provide guidance on navigating the threat landscape, explaining how different types of attacks need different defenses and how that translates into specific actions that developers must take to reduce the chance of being compromised.  


Modern software security means being conscious of the choices made in selecting open-source components, tools, and vendors. This talk will teach you more about the tools, skills, and knowledge needed to be effective as well as show why learning to think critically about open source technologies and commercial tools alike will help reduce those sleepless nights.



A new hope for 2023? - what developers must learn next
Conference (BEGINNER level)
Room 10

Over the last 10 years we’ve seen cybercrime accelerate beyond all comprehension. We’ve seen the growing and relentless impact it has on our society and our economies. It’s taken a long time for the world to act, but finally we’re coming together to resist this uniquely 21st-century evil.


At the heart of the resistance are developers. Whatever role you have, whatever programming language or software you use - the battle is at your door.


In this session we’ll brief you on the state of the situation and what you can do to be more prepared: we’ll look at the bad guys and how they operate, we’ll examine recent legal and government responses and, most importantly, how the software industry is working together to create the tools, frameworks and education needed to help us all become the developers we need to be.
