Java Deserialization: Running Faster Than a Bear

Software components that were once good can sour instantly when new vulnerabilities are discovered within them. When that happens, the bears are coming, and you have to respond quickly.



Two men are walking through a forest. Suddenly, they see a bear off in the distance, running toward them. Adrenaline pumping, they start running away. But then one of them stops, takes some running shoes from his bag and starts putting them on.

“Frank, what are you doing?” says the other man. “Do you think you will run faster than the bear with those?”

“I don’t need to run faster than the bear,” Frank replies. “I just have to run faster than you.”

This scenario repeats itself every time a new security vulnerability is discovered in a widely used open source component. Imagine the bear as your adversary, rushing to attack while easy prey is present. Your response time is critical.

Sneakers on. Go!

For my complete story, please continue to Dark Reading http://www.darkreading.com/vulnerabilities---threats/java-deserialization-running-faster-than-a-bear/a/d-id/1325134


5 Steps to Improve Your Software Supply Chain Security

Organizations that take control of their software supply chains will see tremendous gains in developer productivity, improved quality, and lower risk.

To improve management of component vulnerabilities, consider these five steps, which mimic a number of the supply chain management concepts originated by quality guru W. Edwards Deming to improve quality, accelerate feedback loops, and increase efficiencies of manufacturing operations. The same approaches are being adopted by organizations improving their own operations through the adoption of Continuous Delivery and DevOps processes:

1. Create a software bill of materials for one application: Visibility into one application can help you understand your current component usage. A number of free and paid services are available to help you create a software bill of materials within a few minutes. The bill of materials will help you identify the unique component parts used within your application and the suppliers who contributed them. These reports list all components used, and several services also identify component age, popularity, version numbers, licenses, and known vulnerabilities.
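To make the bill-of-materials step concrete, here is an added example script (not from the Dark Reading article or from any of the services it refers to) that builds a minimal software bill of materials for a Java application from the JAR files in its lib/ directory. It reads the META-INF/maven/<groupId>/<artifactId>/pom.properties file that Maven-built JARs carry, records JARs without such metadata under an UNKNOWN coordinate so they are not silently dropped, and then compares each coordinate against an advisory list. The advisory entries, the com.example coordinates and the sample JARs are all constructed for the example; a real check would use a vulnerability database keyed on Maven coordinates.

```python
"""Minimal software bill of materials (SBOM) from a directory of JAR files.

Maven-built JARs carry META-INF/maven/<groupId>/<artifactId>/pom.properties
with groupId, artifactId and version. This example script reads those files,
lists every component and its carrying JAR, and flags versions older than
the fixed version named in a (constructed) advisory list.
"""
import os
import tempfile
import zipfile

# Hypothetical advisory feed, constructed for this example. Real data would
# come from a vulnerability database keyed on Maven coordinates.
ADVISORIES = [
    {"groupId": "com.example", "artifactId": "legacy-collections",
     "fixed_in": "3.2.2", "id": "EXAMPLE-ADVISORY-0001"},
]


def parse_pom_properties(text):
    """Parse the key=value lines of a Maven pom.properties file."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def components_in_jar(jar_path):
    """Return (groupId, artifactId, version) for each pom.properties in a JAR.

    Shaded/uber JARs can carry several; a JAR with none yields an empty list."""
    found = []
    with zipfile.ZipFile(jar_path) as zf:
        for name in zf.namelist():
            if name.startswith("META-INF/maven/") and name.endswith("/pom.properties"):
                props = parse_pom_properties(zf.read(name).decode("utf-8", "replace"))
                if all(k in props for k in ("groupId", "artifactId", "version")):
                    found.append((props["groupId"], props["artifactId"], props["version"]))
    return found


def build_bom(lib_dir):
    """Map each component coordinate to the JAR file(s) that carry it.

    JARs without Maven metadata are recorded under an UNKNOWN coordinate so
    they show up for manual review instead of silently disappearing."""
    bom = {}
    for fname in sorted(os.listdir(lib_dir)):
        if not fname.endswith(".jar"):
            continue
        coords = components_in_jar(os.path.join(lib_dir, fname))
        for coord in coords or [("UNKNOWN", fname, "UNKNOWN")]:
            bom.setdefault(coord, []).append(fname)
    return bom


def version_key(version):
    """Turn '3.2.1' (or '3.2.1-SNAPSHOT') into a comparable tuple of integers."""
    key = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        key.append(int(digits) if digits else 0)
    return tuple(key)


def find_affected(bom):
    """Return [(coordinate, advisory_id)] for components below the fixed version."""
    hits = []
    for (group, artifact, version), _jars in bom.items():
        if version == "UNKNOWN":
            continue  # no version to compare; already listed for manual review
        for adv in ADVISORIES:
            if adv["groupId"] == group and adv["artifactId"] == artifact:
                if version_key(version) < version_key(adv["fixed_in"]):
                    hits.append(((group, artifact, version), adv["id"]))
    return hits


def make_sample_lib_dir():
    """Construct a throwaway lib/ directory with three sample JARs for the demo."""
    lib_dir = tempfile.mkdtemp(prefix="sbom-demo-")

    def write_jar(name, group=None, artifact=None, version=None):
        with zipfile.ZipFile(os.path.join(lib_dir, name), "w") as zf:
            zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
            if group:  # emulate what Maven writes into a built JAR
                zf.writestr(f"META-INF/maven/{group}/{artifact}/pom.properties",
                            f"#Generated by Maven\ngroupId={group}\n"
                            f"artifactId={artifact}\nversion={version}\n")

    write_jar("legacy-collections-3.2.1.jar", "com.example", "legacy-collections", "3.2.1")
    write_jar("legacy-collections-3.2.2.jar", "com.example", "legacy-collections", "3.2.2")
    write_jar("vendor-blob.jar")  # no Maven metadata at all
    return lib_dir


if __name__ == "__main__":
    bom = build_bom(make_sample_lib_dir())
    for coord, jars in sorted(bom.items()):
        print(":".join(coord), "<-", ", ".join(jars))
    for coord, adv_id in find_affected(bom):
        print("AFFECTED", ":".join(coord), adv_id)
```

Running the script lists the three coordinates (including the UNKNOWN entry for the metadata-free JAR) and flags the 3.2.1 component as affected by the constructed advisory while leaving 3.2.2 alone. Against a real application, point build_bom at the deployed lib/ directory and replace ADVISORIES with entries from your vulnerability feed; the UNKNOWN rows are the ones worth chasing first, since a component you cannot name is one you cannot patch on time.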

For more tips and my complete story, please continue to Dark Reading http://www.darkreading.com/vulnerabilities---threats/5-steps-to-improve-your-software-supply-chain-security/a/d-id/1325135



  • I don't really want to call it sluggish. Java's serialization technology makes it easy and intuitive to convert objects into a serialized representation. Each field is stored individually in a binary format. You might wish to find out a little more about when and how to format certain fields; for example, when you want, you can save several fields in one byte. This would have a smaller size. - Ragnorrak 2 years ago