Victims project for securing your Java project
David Jorm, from the Red Hat Security Response Team, will present on the Victims project, which you can use to scan your project's libraries for known security flaws (CVEs).
A CVE (Common Vulnerabilities and Exposures) entry is an item in a list of known software vulnerabilities. It gives people from different organizations a common way to identify a particular known vulnerability.
Often when building your own Java application, you will rely upon JAR files built and distributed by others. While the Victims project can't tell you if your Java code contains security flaws (wouldn't that be cool?), it can tell you if you are relying upon a JAR that Red Hat has determined is vulnerable to a CVE.