Session

Log4J, SpringShell and all that Jazz (or why bad things can happen to good software)

At the turn of the millennium, IT organisations had about 60 days to fix software vulnerabilities: it took about two months to go from announcement to widespread exploitation. Fast forward to 2022 and, well, it’s not good. Zero-day vulnerabilities have come and gone. The world now has to learn how to deal with widespread exploitation happening before a fix is available.

In this session we’ll look at Cybercrime and its bigger, more dangerous cousin: Cyber-warfare. We’ll explore the drivers behind the radical shift, the software arsenal available, and how and why developers are both targets and unwitting helpers. Using Log4Shell as an example will help us understand the basics of how we make software vulnerable and what we can do to reduce the risks.

Governments are beginning to understand the threat, and new ideas and directives are emerging. However, these have consequences for developers too.

The last 20 years have been a long wake-up call. The next 20 may see software development change beyond recognition.

Steve Poole

Director Developer Advocacy, Sonatype

London, United Kingdom
