Tag
jep-290
Safeguard articles tagged "jep-290" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Application Security
Java deserialization gadget chains explained
One 2015 talk and a tool called ysoserial turned ordinary Java libraries into remote code execution chains — here's how gadget chains work and how to stop them.
Jul 13, 20266 min read
Industry Analysis
Insecure Deserialization Prevention in Java with Deserial...
Java deserialization RCEs still hit production years after JEP 290 shipped filters. Here's how JEP 290/415 filters work, common rollout mistakes, and how Safeguard closes the gaps.
Oct 21, 20257 min read