jvm
Safeguard articles tagged "jvm" — guides, analysis, and best practices for software supply chain and application security.
7 articles
Implementing TLS in Java applications: keystores, trust managers, and protocol pinning done right
One overridden checkServerTrusted() method disables certificate validation for an entire Java app — and it still ships to production more often than most teams admit.
Bytecode vs. source analysis: static analysis techniques for Java and Kotlin
SpotBugs scans compiled .class files for 400+ bug patterns; Semgrep parses source directly. Neither alone would have caught CVE-2015-7501 fast enough.
Java SecurityManager is gone: a practical migration guide
JEP 411 deprecated the Security Manager in JDK 17; JEP 486 disabled it outright in JDK 24, released March 18, 2025. Here's how to migrate before it's removed for good.
Reachability Analysis for Java: A 2026 Deep Dive
Java reachability under classpath reality: reflection, Spring autowiring, shaded JARs, Log4Shell, and what modern tools actually resolve versus over-approximate.
JRuby Supply Chain Considerations
JRuby sits at the intersection of the Ruby and Java supply chains, and the security story reflects both. A look at how JRuby's dual nature affects gem security and what defenders should know.
Maven Release Plugin Hardening
The Maven Release Plugin is the oldest piece of release automation most Java shops still run. A look at the hardening steps it usually needs.
Gradle Version Catalogs Security
Gradle version catalogs centralise dependency versions in one file. The security payoff is concrete: auditability, uniform enforcement, and a single PR gate.