Session

From Vulnerability to Victory: Mastering the CVE Lifecycle for Java Developers

This session demystifies the CVE lifecycle for Java developers.
We'll explore how vulnerabilities are discovered, scored via CVSS, and disclosed through responsible processes.
You'll learn about major vulnerability databases (NVD, GitHub Advisory, OSS Index), their differences, and which security tools rely on each source.
The practical half equips you with remediation strategies using automated tools like Dependabot, Renovate, and IDE integrations.
We'll tackle the challenge of transitive dependencies in Maven and Gradle with hands-on techniques for resolving conflicts.
Finally, we'll discuss End-of-Life situations for frameworks (Spring, Quarkus, etc.) and the different options available.
Walk away understanding the entire vulnerability ecosystem, implementing automated dependency updates in CI/CD pipelines, handling dependency conflict resolution, and developing pragmatic approaches to framework EOL scenarios.
This talk transforms security from a burden to a competitive advantage for intermediate developers, DevOps engineers, and technical leads working with Java applications.

Anthony Dahanne

Software Engineer at HeroDevs

Montréal, Canada
