© Mapbox, © OpenStreetMap

Speaker

François Martin

François Martin

Senior Full Stack Software Engineer at Karakun

Brugg, Switzerland

Actions

François Martin is a senior full stack software engineer at Karakun AG, living in Switzerland. He is an active open source contributor and co-author of the two open source JavaFX frameworks WorkbenchFX and PreferencesFX, an active member of the Swiss Testing Board and he participates in the working group of Advanced and Expert level at ISTQB. He is also a co-author of the ISTQB Test Analyst v4.0 and upcoming Security Test Analyst syllabus.

Area of Expertise

  • Information & Communications Technology

Topics

  • Programming
  • functional programming
  • Programming Languages
  • Reactive Programming
  • Programming Languages & Frameworks
  • Pair Programming
  • General Programming
  • object oriented programming
  • Python Programming Language
  • Programming Languages and Tools
  • PROGRAMMING STUFF: Languages & Platforms
  • App Development
  • Application Security
  • Application Development
  • Application Architecture
  • Web Apps
  • Mobile Apps
  • Web Applications
  • progressive web apps
  • Developing Android Apps
  • mobile app development
  • Java
  • javafx
  • Java EE
  • JavaScript
  • Java & JVM
  • Java language
  • Java Concurrency
  • Java Performance
  • Java and Server-side
  • Java in the cloud
  • Enterprise Java
  • Core Java / Java SE
  • Enterprise Java / Jakarta EE
  • Modern JavaScript Frameworks
  • Security
  • IT Security
  • web security
  • Java Security
  • Data Security
  • Cloud Security
  • cyber security
  • Cloud App Security
  • Kubernetes Security
  • Information Security
  • Cyber Security basics
  • cybersecurity awareness
  • Cloud Security Architecture
  • Cybersecurity Threats and Trends
  • Cybersecurity Governance and Risk Management
  • InfoSec
  • DevSecOps
  • DevSecOps and GitOps in practice
  • Continuous compliance (DevSecOps perspective)
  • api security
  • Security & Compliance
  • AI and Cybersecurity
  • DevOps
  • DevOpsCulture
  • DevOps Skills
  • DevOps & Automation
  • DevOps Transformation
  • DevOps Agile Methodology & Culture
  • SecDevOps
  • Cloud & DevOps
  • Development
  • Developer Tools
  • Developer Relations
  • Developer Experience
  • Web Development
  • Mobile Development
  • Android Development
  • Backend Development
  • Software Development
  • Product Development
  • Front-End Development
  • iOS Software Development
  • Lean Software Development
  • Agile software development
  • Modern Software Development
  • Android Software Development
  • Web
  • Web API
  • Web APIs
  • Web Server
  • Web Design
  • Web Services
  • Web Frontend
  • Web Performance
  • Web Accessibility
  • Modern Web
  • Modern Web and UX
  • Architecture of Web-Apps
  • Architecture
  • Software Architecture
  • Frontend Architecture
  • Enterprise Architecture
  • Microservice Architecture
  • Event Driven Architecture
  • Angular
  • Angular Material
  • Enterprise Apps With Angular
  • Groovy
  • Apache Groovy
  • Kotlin
  • Kotlin Coroutines
  • Kotlin Multiplatform
  • Jetpack Compose
  • Testing
  • Test Automation
  • Testing Automation
  • Testing and Quality
  • Test-Driven Development
  • UI Testing
  • Pentesting
  • API Testing
  • Unit testing
  • Mobile Testing
  • Agile Testing
  • Software testing
  • Automated Testing
  • Quality & Testing
  • Continuous Testing
  • penetration testing
  • Performance Testing
  • Android Unit Testing
  • Load and Performance Testing
  • React
  • ReactJS
  • React Web
  • React Hook Form
  • React Development
  • React Testing Library
  • NextJS
  • TypeScript
  • JavaScript & TypeScript
  • Spring
  • Spring Boot
  • Spring Cloud
  • Spring Security
  • Spring Data JPA
  • Spring Framework
  • Spring Ecosystem
  • python
  • python3
  • Code Quality
  • Sofware Quality
  • software quality
  • Software Quality Assurance
  • Docker
  • docker-compose
  • GitLab
  • GitLab CI
  • GitHub
  • GitHub Apps
  • github-pages
  • GitHub Actions
  • Github Copilot
  • GitHub Codespaces
  • Continous Delivery
  • continuous delivery
  • Continuous Deployment
  • Continous Integration
  • Continuous Integration
  • Continuous Integration/Continuous Deployment (CI/CD)
  • Kubernetes
  • Kubernetes Deployments
  • Accessibility
  • Digital Accessibility
  • gitops
  • fluxcd
  • OpenAI
  • OpenAPI
  • open source
  • OpenTelemetry
  • Open Source Software
  • open source strategy
  • Postgres
  • PostgreSQL
  • CockroachDB
  • High-performance
  • High Availability
  • high performance code
  • High Availability and Scalability
  • Database Performance
  • Front End Performance
  • Observability and performance

Why Software Testing Is a Waste of Time

Testing software takes up a lot of time in the software development process, often the same time if not more than the time required for the development itself. Just like development, testing also requires continued maintenance efforts. This (rightfully so) makes a lot of people in different roles, be it managers, developers or even testers question whether or not that time effort is really justified. With more and more companies deploying every 10 minutes or even less start to wonder: why invest time in testing when you can rollback issues in a matter of seconds, in some cases even automatically?

Learn more about common pitfalls, time wasters, and what you can do to make your testing strategy more efficient in this talk!

As a software engineer and a member of the Swiss Testing Board, I’ve seen countless companies making the same testing mistakes that waste time and cause frustration. This talk is for developers and testers who feel like testing is a burden. I’ll share the most common errors I’ve encountered and show how to avoid them, making the testing process more efficient. Companies that follow these strategies have seen real success, and I want to help others achieve the same.
Recording: https://youtu.be/qQVhb3z244Q

The Art of Vulnerability Disclosure

Properly disclosing a vulnerability you found on a website, open source project, or app is not an easy task, especially not the first time. There are a lot of things to pay attention to and that can go wrong. But if done properly, it can be very rewarding, as most companies are very grateful. Whether you want to learn how to disclose your first vulnerability in the easiest way possible, or you want to hear about best practices and suggestions on what to do when things do not go as planned, this talk is for you.

While most vulnerability disclosures go smoothly, I've learned through experience—especially with my last disclosure—that things can get tricky when a company ignores your attempts to report a problem. I've found that some important steps aren't covered in most guides, and I’ve picked up tips that are rarely mentioned but really helpful. In this talk, I want to share those insights and make the whole process less intimidating for people who are new to it. I believe understanding how to disclose vulnerabilities properly can help more people get involved in improving security.

My responsibly disclosed CVE's:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1000529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36460

Slides: https://github.com/martinfrancois/devnexus-2024/blob/main/Devnexus_2024-The_Art_of_Vulnerability_Disclosure.pdf

Testing on Thin Ice: Chipping Away at Test Unpredictability

Ever tried to catch melting snowflakes? That's the challenge of dealing with flaky tests - those annoying, unpredictable tests that fail randomly and pass when rerun. In this talk, we'll slide down the slippery slope of why flaky tests are more than just a nuisance. They're time-sinks, morale crushers, and silent code quality killers.

We'll skate across real-life scenarios to understand how flaky tests can freeze your development in its tracks, and why sweeping them under the rug is like ignoring a crack in the ice. From delayed releases to lurking bugs, the stakes are high, and the costs are real.

But don't pack your parkas just yet! We're here to share expert strategies and insights on how to identify, analyze, and ultimately melt away these flaky tests. Through our combined experience, we'll provide actionable techniques and tools to make sure snow is the only flakiness you experience, ensuring a smoother, more reliable journey in software development.

I'm giving this talk together with Brian Demers as a co-speaker.
Recording: https://youtu.be/vJyY7x69p0Y

One Small Test for Man, One Giant Leap for Software Quality: Adopting Apollo’s Testing Principles

The Apollo missions did more than take humanity to the moon — they highlighted the essential role of testing in achieving ambitious goals. NASA's report, 'What Made Apollo a Success,' offers a detailed look at the testing strategies crucial to propelling the missions to success. This talk focuses on actionable insights from that report we can still use today. Find out how you can adopt the approach that landed astronauts on the moon to elevate software quality, making every test a launchpad for unparalleled reliability and performance.

Recording: https://www.youtube.com/watch?v=MCkrETQ7Esc

My code is faster than yours... let me prove it to you!

You stare at the notification on your screen, your heart sinking with each passing second. It is a pull request from your colleague, Lisa, asking you to review her code. You take a deep breath and click on the link, hoping for a smooth review process. Little did you know, this simple task would soon turn into a daunting challenge.

As you scan through the code, one particular line catches your attention — a regular expression. Immediately, you knew this was a problem waiting to happen. You leave a comment on the pull request, expressing your concerns about the regex. You point out that it is not only slow but also difficult to read and maintain. You suggest Lisa replace it with a more explicit block of code that achieves the same result, albeit at the cost of increased length.

Within minutes, Lisa responded to your comment, refusing to make any changes. She argues her regex is not only shorter but also just as easy to understand. She challenges you, stating she wouldn't change it unless you could prove your proposed solution was faster.

Your panic levels begin to rise. You have never done any performance comparisons before. You desperately search through your bookmarks, hoping to find something that could help you in this predicament. Then it strikes you — you remember François Martin will give a conference talk showing how to do microbenchmarking in Java using JMH, scheduled to take place in just a few days. It was like a lifeline was thrown to you. With renewed hope, you quickly register for the conference, eager to gain the knowledge you need to save this code review. You sigh in relief, marking the talk's date in your calendar with a red pen, counting down the days until the conference...

This talk is inspired by a real situation where I had to prove that my code was faster using JMH. Many developers wonder which code is faster, but they don't know how to test it properly. Unfortunately, a lot of examples online show how to use JMH incorrectly, which made me want to teach developers the right way.

Slides: https://github.com/martinfrancois/baselone-2024/blob/main/BaselOne-2024-My_code_is_faster_than_yours_let_me_prove_it_to_you.pdf

How your browser is snitching on you and how you can take control

With data now being "the new digital currency", knowing what data we share is more important than it was ever before.

The browsers we use every day reveal much more information than we would think when visiting websites. This makes it easy for websites to uniquely identify us as visitors, even without a login. Trying to protect ourselves against this could even make it easier for websites to identify us, which is a big dilemma.

This talk is about what the different browsers reveal to the websites we visit and what we can (or cannot) do about it.

After discussing this topic with various people, I've found that most are shocked to learn how much information their browser reveals without their knowledge. Privacy should be transparent, but browsers often keep users in the dark about the data they share with websites. This talk aims to raise awareness, empowering users to decide what data to share and advocating for more granular browser controls. By understanding the data your browser leaks, you can better protect your privacy and push for a more secure online experience.

Recording: https://youtu.be/YmV1rsc9L9E

How writing just one import the wrong way slows down your website

Tree shaking is a feature that is used by modern bundlers to keep bundle size down (and load times fast), but if just one import is written in a non-optimal way, this can result in the whole dependency being included in the bundle. In some cases, this even happens with automatically suggested imports by the IDE. Learn about the correct way of importing from dependencies, tricks you can use to easily determine the impact on bundle size, and why having a lot of dependencies may not be as bad as you think!

I once had a discussion with a coworker who feared that adding lodash as a dependency would bloat our bundle size. Confident in tree shaking, I tested it—only to find the entire lodash library included in our bundle! The culprit? A single import written in a non-optimal way, suggested by my trusted IDE. This experience opened my eyes to how crucial it is to write imports correctly. In this talk, I'll share how to avoid these pitfalls, optimize imports, and ensure your bundles stay lean and fast.

Recording: https://www.youtube.com/watch?v=WT-mIjeTzqc

From Bugs to Brilliance: Testing Toolbox in Action

What if I told you that there is an entire world of lesser-known, underutilized testing tools, libraries, and features waiting to elevate your testing game? You will see live demonstrations of a plethora of these hidden gems, carefully curated to empower you in unit, integration, and end-to-end testing. This includes both tools for Java backends as well as JavaScript / TypeScript frontends and some technology-independent tools.

As you absorb the knowledge and sharpen your skills, you will accumulate an impressive set of tools in your testing toolbox. However, a word of caution: your toolbox may grow heavy with all these new additions. You will leave this talk armed with newfound knowledge, but make sure you can still lift your toolbox by the end of it!

I talked to Philip Riecks at a conference, I mentioned some testing tools that it turned out he didn't know before but found very interesting, upon which he suggested to me to do a tool-focused talk for testing tools, as I knew quite a lot of them and how to use them effectively that others could benefit knowing from. Additionally, I was inspired by the talk "Java's Hidden Gems: Tools and Libraries" by "Johan Janssen", which is usually quite well-visited and which I enjoyed a lot.

Recording: https://youtu.be/frVv3P4oQFM

82 Bugs I Collected in a Year You Won’t Believe Made It to Production

This past year, I made it my mission to collect every bug I found while using everyday apps and websites. From small glitches to major problems, I ended up with a list of 82 bugs that somehow made it to production. These real-world examples are more than just interesting—they’re also embarrassing mistakes that teach important lessons for making software more reliable and improving how we test it.

In this talk, I will explain the different types of bugs I found and what they reveal about common mistakes in software development. I will also point out areas that are often missed but are crucial for your product’s quality.

By looking at these bugs together, I’ll show you how to avoid them and improve your testing so these issues don’t reach your users. Whether you want to make your code more reliable or improve your testing, this talk will give you practical tips for your next project. Join me to learn from the embarrassing mistakes even popular apps couldn’t avoid—and take-home strategies to prevent them in your software!

Rather than going through all 82 bugs one by one, I will group them into 5-10 key lessons, highlighting interesting and funny examples, along with consolidated statistics on the types of bugs. This approach will showcase important patterns and insights, making it easier for the audience to understand and apply what they learn. It also ensures the talk fits well within the session time while delivering valuable takeaways.

TestCon Europe 2025 Upcoming

Talk: "82 Bugs I Collected in a Year You Won’t Believe Made It to Production"

October 2025 Vilnius, Lithuania

JavaLand 2025 Upcoming

Talk: "82 Bugs I Collected in a Year You Won’t Believe Made It to Production"

April 2025 Adenau, Germany

Voxxed Days Zürich Upcoming

Talk: "82 Bugs I Collected in a Year You Won’t Believe Made It to Production"

March 2025 Zürich, Switzerland

Devnexus 2025 Sessionize Event Upcoming

March 2025 Atlanta, Georgia, United States

Devworld Conference 2025 Sessionize Event Upcoming

February 2025 Amsterdam, The Netherlands

NDC London 2025 Sessionize Event Upcoming

January 2025 London, United Kingdom

Voxxed Days Ticino 2025 Upcoming

Talk: "How writing just one import the wrong way slows down your website"

January 2025 Lugano, Switzerland

TestWarez 2024

Panel Discussion: "Integration of Testing and Development"

November 2024 Sopot, Poland

TestCon Europe 2024

Talk: "From Bugs to Brilliance: Testing Toolbox in Action"
Panel Discussion: "Mastering Test Automation: Strategies and Innovations"
Talk: "One Small Test for Man, One Giant Leap for Software Quality: Adopting Apollo’s Testing Principles"

October 2024 Vilnius, Lithuania

BaselOne 2024 Sessionize Event

October 2024 Basel, Switzerland

DiWoDo 2024

Online Talk: "Was dein Browser über dich verrät - 2024 Edition"

September 2024

CH Open Workshop-Tage 2024

Full day workshop: "From Zero to Continuous Deployment with GitLab CI"

September 2024 Luzern, Switzerland

Hands On Testing 2024 Sessionize Event

August 2024

Copenhagen Developers Festival 2024 Sessionize Event

August 2024 Copenhagen, Denmark

WeAreDevelopers World Congress 2024 Sessionize Event

July 2024 Berlin, Germany

DeveloperWeek Global 2024 Sessionize Event

June 2024

JCON EUROPE 2024 Sessionize Event

May 2024 Köln, Germany

Software Quality Days 2024

Talk: "Why Software Testing Is a Waste of Time"

April 2024 Vienna, Austria

Devnexus 2024 Sessionize Event

April 2024 Atlanta, Georgia, United States

JCON WORLD 2023 Sessionize Event

November 2023

DiWoDo 2023

Online Talk: "Was dein Browser über dich verrät - 2023 Edition" (German)
Recording: https://www.youtube.com/watch?v=yCf7jr3ytPY

September 2023

A4Q Global Testing Summit 2023

Online Talk: "Why Software Testing Is a Waste of Time"
Recording: https://www.youtube.com/watch?v=-McUTz5txb0

September 2023 Zürich, Switzerland

JCON EUROPE 2023 Sessionize Event

June 2023 Köln, Germany

DiWoDo 2022

Online Talks: "Was dein Browser über dich verrät" and "Sicherheit in Open Source" (German)
Recordings: https://www.youtube.com/watch?v=X0VY2w_5Ao8 and https://www.youtube.com/watch?v=awoesecxGFo

September 2022

SauceCon Online 2020

Talk: "1 Codebase, 2 Mobile Platforms: How to Test iOS and Android by Just Writing Tests Once"
Recording: https://www.youtube.com/watch?v=ElfbKHXRjKs

May 2020

JavaFX Days 2018

Presenting PreferencesFX and WorkbenchFX during the opening keynote
Recording: https://youtu.be/Lg6Hvj7_P14?si=WKL97xxwoipP9SGf&t=380

December 2018 Zürich, Switzerland

François Martin

Senior Full Stack Software Engineer at Karakun

Brugg, Switzerland

Actions

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top