Online / 5 & 6 February 2022


Java Security: Log4J, the SecurityManager, and Funding

A demonstration of log4j exploits, which defenses people tried, and which worked. We'll cover how groups responded effectively to patch to see what was common. We'll also look at open source funding models, subscriptions, and bug bounty programs to see why it's sometimes hard to donate.

This talk will use actual exploit code that takes over systems through their log messages to open calculators.


Photo of Erik Costlow Erik Costlow