Is Your Java App Actually Secure, Or Does It Just Look That Way?
Your Java app passes the build, the tests are green, and the dashboard looks fine. But are the libraries underneath still maintained, or are they quietly collecting vulnerabilities? In this episode we dig into “zombie dependencies”, the CVE process, and the small habits that make a real difference. I host Steve Poole and David Welch from HeroDevs for Foojay Podcast #95.
What we talked about
- What zombie dependencies are (end-of-life libraries that still ship in your build but no longer receive fixes) and why their unpatched vulnerabilities pile up risk over time
- How CVEs get reported, scored, and published
- How AI tools like Mythos change the speed of CVE discovery
- How Java runtime CVEs land and what teams do about them
- The current security threat picture across the industry
- How developers actually pick tools and make trade-offs
- Keeping the OS, JVM, and dependencies up to date
- Whether Maven Central is a safe place to pull from
- Concrete actions developers take to improve security
- The risks of “vibe coding” with AI assistants
Why it matters
Security is not a single fix. It is a steady set of choices about what we depend on, how we update it, and how we react when something breaks. This conversation puts names and numbers on the parts that are easy to ignore.
See the Foojay Podcast #95 page for the full show notes, links, and other details.