Java is everywhere. According to Oracle, it’s on 4 billion devices and counting.

As we’ve seen with vulnerabilities like Log4Shell, keeping up to date with patches is critical, but each time you do, it’s an opportunity to break your code or let a new vulnerability in.

How do you decide what to patch and what to ignore?

In this talk, you’ll learn about Java vulnerabilities in general: what a ‘vulnerability’ actually is, how they are discovered, reported, managed, assessed and fixed as well as hearing a little about the specifics of attack vectors and bad actors.

Understanding how to choose your dependencies more wisely to reduce your exposure and keep your application working is a skill we all need to grow - start here to begin that journey.