AJUG Member Community

We provide an open access list for AJUG and Java-related topics.

  • You must subscribe in order to post.
  • Suitable content includes ONLY Java technical questions. Please respect your peers and use common sense when you post.

To subscribe, send an email message to with “subscribe” in the subject.

To unsubscribe, send an email message to with “unsubscribe” in the subject. You must unsubscribe from the same email address under which you subscribed. So if you are changing providers or jobs, remember to unsubscribe before you make the move.

Posting a Message

To post a message, simply send it to


AJUG Meetup

Not all JARs are created equally

October 18th, 2016

Hate those e-mails “are you using some_vulnerable.JAR or some.vulnerable.class” on a project you or nobody has touched in years then your eyes dry over looking at the dependency hierarchy of an old project?

Well, hate no more! Understanding that not all JARs are created equally is the first step in realizing there is consternation. The only constant is change in Open Source and keeping up with versions, CVEs, industry trends, etc could be a burden especially as team members move on. So many dependencies in a modern JAVA project one would need a warehouse to store all these parts [*cough* your artifact repository].

Having supply chain discipline when consuming Open Source can help answer the “where” and “what” an enterprise has deployed. Applying supply chain principles and data beyond your CMDB would have insight to. Makes Dev & Ops happy driving Open Source adoption and visibility.

Also, will be providing an update from last year’s AJUG talk on State of Open Source Software Supply Chain.


Holiday Inn Atlanta-Perimeter/Dunwoody

4386 Chamblee Dunwoody Road,
Atlanta, GA (map)

AJUG Tweets

Follow @atlantajug on twitter.

Recent Jobs