Java Security Resource Center
JavaOne 2015 runs from October 25 - 29th in San Francisco, CA. The call for proposals is currently open through April 29th (inclusive). This is the third year for a dedicated Security track at Java One and last year it experienced strong attendance. As we look to expand the breadth of the track we'd like to invite you to make a submission on this, or any of the many other topics. Submit your talk.
Developers creating secure applications with Java should familiarize themselves with the following resources:
The Advanced Management Console helps system administators manage old Java versions by which applications need which older Java version. The Advanced Management Console decreases the attack surface of those older versions by limiting their exposure and maintaining compatibility with known-safe applications.
System Administrators are responsible for running Java applications in a secure manner, following principle of least privilege, and staying up to date with Java’s secure baseline (either for standard Java SE or the Server JRE).
End Users running Java on their computers only need a few steps to verify and understand Java security on their devices:
Security Professionals performing system auditing, threat modeling, architecture, or code reviews of Java applications should familiarize themselves with Java’s security architecture and API documentation.