Insights and updates on Java SE and OpenJDK from the Java Platform Group Product Management Team

  • April 27, 2016

JavaOne 2016 Call for Proposals

Guest Author

JavaOne 2016 has opened its Call for Proposals to speak at the conference.
This year, security topics are part of the Core Java Platform track.

Speaker Proposals must be submitted by May 9th. The conference itself takes place from September 18-22 in San Francisco. Accepted speakers will receive a gratis pass to attend.

Before each JavaOne conference, we receive a number of great submissions about different security topics from Java community members around the globe. Our review committee also tries to call attention to particular areas, to help solicit interesting proposals and guide speakers. If you are familiar with running or coding Java and want to speak at JavaOne, consider applying your expertise to the following areas:

  • Architecture & Analysis – how should security architects and developers build/integrate applications to evaluate and verify security?
    • How does this change for green-field versus inherited applications?
    • How should you build and maintain a threat model of an application and its environment? (bonus for breaking a threat model down into JDK 9 Jigsaw modules)
    • What is the importance of library code, and how/when/why should it be updated? What are strategies to test compatibility?
    • When micro-services are connected, how does that impact trust boundaries?
  • Development – how can developers evaluate and test their own applications?
    • Code analysis (both for what you write and use)
    • Penetration testing or scanning of Java applications
    • There are many different secure development standards frameworks. What are they and how can they be used to test applications?
  • Operations – when running Java, what are the proper strategies for configuring, managing, and upgrading JVMs?
    • What are strategies between minor versions (e.g. 8uA to 8uB) and major versions (e.g. from JDK 8 to JDK 9)? How is the compatibility guide used?
    • What are monitoring strategies to analyze JVM security events? What are connections between current logging frameworks and/or the planned Unified Logging API for JDK 9?
    • How should a JVM or Java web server be tuned to achieve an A+ rating on SSL Labs? What about TLS for non-HTTPS uses, such as JDBC?
      For helpful tools, see Diagnosing TLS, SSL, and HTTPS as well as Deep Violet.
  • Other ideas – there are many great ideas in the Java ecosystem, so please submit yours!
