Krakow, Poland, 31 May - 2 June 2023

Steve Poole
Developer Advocate, Security Champion, DevOps practitioner (whatever that means) Long time Java developer, leader and evangelist. I’ve been working on Java SDKs and JVMs since Java was less than 1. JavaOne Rockstar, JSR leader and representation, Committer on open source projects including ones at Apache, Eclipse and OpenJDK. A seasoned speaker and regular presenter at international conferences on technical and software engineering topics.

The cost of cybercrime is increasing at a staggering rate, poised to almost equal US GDP by 2027. Cybercrime syndicates are becoming more and more professional with really elaborate scams to get your data and money. One of the latest trends in the weaponisation of open-source and the poisoning of real repositories to infect real software.

In order to ensure a safer ecosystem and that our supply chain is protected, we can take advantage of the latest developments:

  • SBOM - for transparency for both our dependencies and dependents
  • Reproducible Builds - for having the mechanisms to double-check the builds we use
  • SigStore - the new development in terms of signing builds.

During the current presentation, we will give an update related to the state of the threats, especially with the latest development related to the war in Ukraine. In the second part, we will dive into the solutions provided by each of the mentioned points and how they fit into the picture of hardening the supply chain.

Based on real-world examples, focused on automation and alerts at scale.

Tools like Syft, Bomber, Grype and Sonatype BOM doctor will be used.

Hidden security features of the JVM - everything you didn’t know and more
Conference (BEGINNER level)
Room 1

Java 17 announced the depreciation of the Security Manager (which is ok since hardly anyone used it) but that doesn’t mean the JVM leaves you vulnerable.

Many design features in the JVM and the JDK are there to help keep your application safe from harm.

In this session, we’ll walk through these points - from compiler to bytecode to runtime and give you a refresher on how to get the best from these features. We’ll also look at new things in the works, compile-to-native consequences and even some off-the-wall “it’s just an idea” thoughts about how to make the JVM an even more secure environment.


Ticket prices will go up in...


You missed out!

Venue address

ICE Krakow, ul. Marii Konopnickiej 17


+48 691 793 877


Social Media