Jforum #110 - Log4j incident & cURL

We are excited to announce a meetup hosted at Mojang

Agenda:
17:30 Doors open, light food and drinks

18:00 What the log4j incident taught us about Secure by Design
Using Secure by Design as a guiding principle, we reason about what was the fundemental problem of the log4j incident "Log4Shell" that hit hard in december 2021. The vulnerability hit the IT world like a Lousianna Slugger, and similar will hit again. But the problem is not just the frameworks, but also how we design our applications. Even if a framework becomes vulnerable, the applications need not to be possible to exploit.
So, what do we do? We walk through a few designs and design principles and see what this incident can teach us about how systems should be designed.
Dan Bergh Johnsson, Omegapoint

18:50 cUrl is everywhere
curl is a ubiquitous Internet transfer engine. More specifically it is an open
source client-side library for doing internet transfers specified as URLs.
Created for the fun of it in the 1990s it has gradually found its way into
virtually all Internet-connected devices on the globe. This is the story of how curl conquered the world.
Daniel Stenberg is the founder and lead developer of the curl project

19:35 After the talks, those who want to mingle and have a drink can follow us to a pub nearby!

Speakers :
Dan Bergh Johnsson, Omegapoint
Agile aficionado; Domain Driven Design enthusiast; code quality craftsman, with a long time interest in security. The combination made Dan use quality practices from DDD to address application security issues - thus coining "Domain Driven Security" together with John Wilander around 2009. Author of Secure by Design.

Daniel Stenberg is the founder and lead developer of the curl project
Daniel Stenberg is the founder and lead developer of the curl project. He is an open source software developer, actively participating in several
networking related projects. He has worked on HTTP implementations for over twenty-five years, been involved in the IETF for fifteen years and worked on the HTTP stack in Firefox for several years at Mozilla. Daniel is the author of the widely read documents "HTTP2 explained" and "HTTP/3 explained". He was awarded the Polhem Prize in 2017. Employed by wolfSSL. When not in front of a computer, Daniel likes to play floorball and spend time with his family.