Foojay.io | Friends of OpenJDK and Java Programming cover art

Foojay.io | Friends of OpenJDK and Java Programming

Foojay.io | Friends of OpenJDK and Java Programming

By: Foojay.io | Java and Programming Community
Listen for free

Summary

 Foojay.io is your go-to programming community podcast, connecting developers with the latest in Java, OpenJDK, JVM, and open source tools. We bring together Java professionals worldwide to share insights, tools, and news in the vibrant Java programming ecosystem.Foojay.io | Java and Programming Community Education Politics & Government
Episodes
  • Is Your Java App Actually Secure, Or Does It Just Look That Way? (#95)

    Is Your Java App Actually Secure, Or Does It Just Look That Way? (#95)
    May 9 2026

    Is your Java application actually secure, or does it just look that way? In this episode of the Foojay Podcast, Frank is joined by Steve Poole and David Welch, both from HeroDevs, to dig deep into the state of Java security in 2025 and beyond.

    Steve introduces the concept of zombie dependencies: end-of-life libraries that appear safely dormant but are quietly accumulating vulnerabilities waiting to bite you. David, a co-chair of the CVE Automation Working Group, explains what a CVE actually is, how the identification and disclosure process works in practice, and why AI tools like Mythos are dramatically accelerating the pace at which new vulnerabilities are found — on both sides of the wall.

    Together they cover how CVEs in the Java runtime are handled through coordinated disclosure, why Maven Central is safer than most ecosystems but not a silver bullet, and what insurance companies are starting to demand from organizations that haven't cleaned up their dependency trees. They also discuss practical steps any Java developer can take today, from generating an SBOM and running Snyk or Trivy, to adopting OpenRewrite and Renovate in your pipelines, and why vibe coding with AI tools may be quietly making your security posture worse if you are not reviewing the dependency choices being made for you.

    A candid, occasionally alarming, and ultimately optimistic conversation about a problem the Java community is well-positioned to lead on.


    Steve Poole

    • LinkedIn
    • Foojay Author profile
    • Crossing the River Styx: Spring Boot 3.5 and the Zombie Dependency Problem
    • Why Java Developers Over-Trust AI Suggestions


    David Welch

    • LinkedIn


    Content

    00:00 Introduction of topics and guests
    04:00 What are Zombie dependencies?
    05:36 What are CVEs?
    11:39 How Mythos and other AI tools are influencing the CVE reporting process
    16:53 How CVEs in the Java runtime are handled
    21:30 How the industry is looking at the increased security threats
    30:17 Developers need to make better decisions "the first time" and use the right tools
    31:42 Keep your OS, JVM, and dependencies up-to-date! Insurance companies will force you...
    44:48 How "safe" is Maven Central compared to other repository systems
    50:48 What you can do as a Java developer to make your apps safer
    59:01 Should we be scared for the following years and be careful with vibe coding?
    01:04:27 Conclusion
    Show More Show Less
    1 hr and 6 mins
  • More Than a Blog: How Foojay Connects, Sustains, and Evolves the Java Community (#94)

    More Than a Blog: How Foojay Connects, Sustains, and Evolves the Java Community (#94)
    May 2 2026
    Foojay.io, the website for the Friends of OpenJDK, is turning six years old. To celebrate, Frank Delporte headed to JCON in Cologne, Germany, and sat down with twelve members of the Java community to talk about what Foojay means to them, what they learn from each other, and how the community is evolving.Foojay is more than a blog. It is a Mastodon server, a Slack community, the Disco API, a book on sustainability, a podcast, and now an education catalog. Six years in, it is still growing, still community-driven, and still very much a place where anyone who works with Java is welcome.00:00 Introduction02:16 Sharat Chandarhttps://www.linkedin.com/in/sharatchander/Java community and historyWhat you can learn from conferences and articles05:37 Markus Westergrenhttps://www.linkedin.com/in/markuswestergren/https://foojay.io/sustainability-for-java-developers/https://foojay.io/today/join-slack-com-t-foojay-signup/Book "Sustainability for Java Developers"How to "sustain yourself" in this strange-AI-changing-world09:46 Iryna Dohndorfhttps://www.linkedin.com/in/iryna-dohndorf/https://foojay.io/today/author/iryna-dohndorf/Mentoring about sustainability as a developer + groundness + robustness skillsHigh performance without crushing your soul13:59 René Schwietzkehttps://www.linkedin.com/in/reneschwietzke/https://foojay.io/today/the-curious-case-of-different-runtimes-with-different-training-data-jit/Diving deep into the runtime, JITWatchAbout the broad mix of topics handled on Foojay18:28 Gerrit Grunwaldhttps://www.linkedin.com/in/gerritgrunwald/ https://foojay.io/today/author/gerrit-grunwald/https://foojay.io/today/disco-api-helping-you-to-find-any-openjdk-distribution/https://sdkman.io/The Disco API, the source with all the available OpenJDK distributions, is used by SDKMAN, Gradle, and many other toolsAbout the many distributions that are available, even ones that are mainly (and only) used in Asia27:45 Catherine Edelveishttps://foojay.io/today/author/catherine-edelveis/https://www.youtube.com/watch?v=Ytdo8OGEYFIhttps://foojay.io/today/which-java-runtime-should-you-use-in-production-comparing-openjdk-distributions/Reducing Docker sizes improves security and performanceMany distributors provide builds of OpenJDK31:16 Jago de Vreedehttps://foojay.io/today/author/jago-de-vreede/About the Java community and the place of Foojay in it. What is good, what are we missing?SDKMAN, creating an UI for it, and using the many OpenJDK distributions35:05 Annelore Eggerhttps://www.linkedin.com/in/anneloredev/https://foojay.io/?s=eggerJava community, conference volunteering, mentoringHow to become a conference speakerLearn by teaching38:03 Buhake Sindihttps://www.linkedin.com/in/buhake-sindi/https://foojay.io/today/author/buhake-sindi/https://github.com/langchain4j/langchain4j-cdiJakarta EE, LangChain4J CDI, Agent to AgentImpact of AI on developer life and sustainability44:03 François Martinhttps://www.linkedin.com/in/fran%C3%A7oismartin/https://foojay.io/today/author/francois-martin/https://foojay.io/today/eliminating-flaky-tests-to-end-world-hunger/https://foojay.io/today/five-ways-to-use-gradle-enterprise-to-identify-and-manage-flaky-tests/Learn from mentoring, for example, how to earn from opensourceFoojay author, just published an article about Flaky tests48:18 Dominika Tasarz-Sochackahttps://www.linkedin.com/in/dominikatasarz/https://foojay.io/today/author/dominika-tasarz/https://foojay.io/today/join-slack-com-t-foojay-signup/https://foojay.io/today/how-to-submit-your-next-article-on-foojay-io/The future of Foojay, how can we get the community even more involvedWhat you can learn from the community51:18 Geertjan Wielengahttps://www.linkedin.com/in/geertjanwielenga/https://education.foojay.social/Java communities are everywhereHow Foojay started and grewHow can contributing to the community influence your career58:15 Conclusion
    Show More Show Less
    1 hr
  • Update Your JDK, Read More Code, and Talk to Your Users: Interviews From VoxxedDays Amsterdam (#93)

    Update Your JDK, Read More Code, and Talk to Your Users: Interviews From VoxxedDays Amsterdam (#93)
    Apr 11 2026
    In this episode of the Foojay Podcast, we're bringing you something special: a full batch of hallway-track conversations recorded live at VoxxedDays Amsterdam.Fifteen guests, one conference, and one theme that kept coming back, whether we planned it or not: Java has grown up quietly, steadily, and in ways that still surprise people who haven't looked lately. We talked about migrating between versions, new features in the latest Java releases, authorization done right, AI-assisted coding, cryptography, containers, open-source contributions, GDPR data experiments, and, yes, the things people hate about Java but secretly love.I spoke with Ko Turk, who organized this very conference, Johannes Bechberger, Lutske de Leeuw, Aicha Laafia, Marit van Dijk, Adele Carpenter, Patrick Baumgartner, Sohan Maheshwar, Jeroen Egelmeers, Erwin Manders, Alexander Shopov, Maarten Verburg, Arjan Tijms, Joost Kaan, and Stephan Janssen.That's a lot of people. That's a lot of opinions. And somehow, they mostly agree: update your JDK, read your code, and please talk to your actual users.Content00:00 Introduction00:30 Ko Turkhttps://www.linkedin.com/in/ko-turk-b271b929/Organizer of VoxxedDays AmsterdamMigrating between Java versions02:25 Johannes Bechbergerhttps://www.linkedin.com/in/johannes-bechberger/Java is boring, and that's why it's brilliantJava 26 test it, but not in productionJFR improvements in the latest versions06:28 Lutske de Leeuwhttps://www.linkedin.com/in/lutske/Volunteer at the conferenceJava is boring, and that's why it's brilliantJava 5 till 26 evolutions10:35 Aicha Laafiahttps://www.linkedin.com/in/aicha-laafia-0266a6126/Lambda stream gatherers in Java 25Simpler and more fun codeUpdate your JDK!16:16 Marit van Dijkhttps://www.linkedin.com/in/maritvandijk/Fun in coding, write Java the playful wayJava evolutions and how writing code has evolvedImportance of code reading with AI-assisted coding22:04 Adele Carpenterhttps://www.linkedin.com/in/adele-carpenter-a988623a/The things I hate about Java, but actually love it27:37 Patrick Baumgartnerhttps://www.linkedin.com/in/patbaumgartner/Organizing VoxxedDays ZurichSpring Boot optimizationUsing Buildpacks to create better containers35:02 Sohan Maheshwarhttps://www.linkedin.com/in/sohanmaheshwar/Authorization, the good wayJWT is a bad idea38:34 Jeroen Egelmeershttps://www.linkedin.com/in/jegelmeers/https://craftingaiprompts.org/documentation/se-framework/craft-frameworkAI, prompt engineering, agentic programmingThe CRAFT Framework: Orchestrating Agentic FlowThe importance of interacting with your end-users43:32 Erwin Mandershttps://www.linkedin.com/in/erwinman/Cryptography, digital signatures, and securing data and messagesComparing Kotlin and Java45:12 Alexander Shopovhttps://www.linkedin.com/in/alshopov/Developer at UberComparing different languages: Java, Python, GoHow Java is modernizing by learning from other languages49:18 Maarten Verburghttps://www.linkedin.com/in/maartenverburg/Using your own GDPR data for fun experimentsComparing early Java with the current statusJava Streams the most important change52:35 Arjan Tijmshttps://www.linkedin.com/in/arjantijms/https://omnifish.ee/Jakarta Faces, Security, Authentication and Authorization, EE,...Jakarta specs are used in SpringHow Java evolved and is still evolvingHow can you contribute to opensource59:55 Joost Kaanhttps://www.linkedin.com/in/joost-kaan/What you can learn at a conference, besides the expected language-related talksAI influences on the developer workContributing to the Java community, AI user group01:03:52 Stephan Janssenhttps://www.linkedin.com/in/stephanjanssen/https://geniebuilder.ai/The importance of the "Hallway Track" where you can chat with like-minded peopleUsing AI-assisted spec-driven codingTalking to your end-user becomes more important than ever01:09:00 Conclusion
    Show More Show Less
    1 hr and 9 mins
adbl_web_anon_alc_button_suppression_c
No reviews yet