For some time (10yrs?) I’ve been trying to improve the default security posture of Java developers.

Although I and a few others (notably Brian Vermeer) have been socialising the subject, providing education, even trying to scare developers :-), I don't feel that we've made an enormous difference.

Since my greybeard is heading towards white, I'd like to try one more time to move the needle and find a way to help developers understand their responsibilities, the threats and the tools available.

To do that I'd like everyone's help in creating a bandwagon that developers will want to jump on. It's a bandwagon that will include the safety advice I need them to hear, but made part of a bigger movement.

My objective is to create a checklist of actions, attitudes, skills, advice etc. that will be compelling enough for developers to follow. The world is a much scarier place than when I started talking about security, and with the addition of AI and a whole bunch of legislation, developers are heading for a loud wake-up call.

How the world produces software is changing, much more rigor and control is heading our way.

Excuses for doing development poorly (whether driven by management, or by laziness or a lack of skills on the developer's part, etc.) are evaporating fast.

Let's help by pooling our knowledge and experiences. I want to raise the bar on what it takes to be the best Java developer and make that bar something that others will want to aspire to. Hence the title of this website and book.

We don't know if this is ultimately the right approach, but we're starting here.

— Steve Poole