Last week, we announced the new edition of the Virtual Payara Conference, going live on Tuesday the 8th of July (REGISTER HERE), where we'll help you discover some practical strategies for your Java journey.

The new edition of Virtual Payara Conference is coming on the 8th of July 2025 and this time it's all about discovering practical strategies for your Java journey – whether you use Jakarta EE, Spring, or Quarkus! 

PCI DSS cybersecurity requirements are relevant for all sorts of organizations, whether you’re a financial institution or a business with customers and transactions. And, while there are already many laws, regulations, and standards designed to protect personal data, this standard is particularly focused on card transactions. 

In this blog post, we explain the PCI-DSS, its standards, requirements, levels, and certification. 

Companies sometimes contemplate migrating their enterprise Java applications to a different runtime to optimize costs, benefit from greater technical support, achieve better performance, scalability or new functionalities. However, when it comes to taking active steps towards implementing an alternative application server, many decide not to proceed. A recurring concern for multiple companies is whether such migrations can be done securely, without compromising data integrity or compliance with stringent regulations.

So, are application server migrations secure? How can teams ensure the right robustness and resilience measures are in place? Let’s dig in the world of runtime cybersecurity and migration planning.

Building on the foundational insights from our previous Cyber Resilience Act (CRA) sessions earlier in the summer, this free webinar will update you on the next phase of cyber resilience by moving beyond mere compliance with the Cyber Resilience Act.

From Compliance to Competitive Advantage: Strengthening Cyber Resilience
 10am GMT, 13th of November 2024

Join Julia Apostle (Orrick) and Steve Millidge (Payara) to learn actionable steps for aligning your cyber resilience initiatives with future regulations and innovations, ensuring your organization is prepared to not only meet legal requirements but also drive sustainable, long-term security.

The EU’s Cyber Resilience Act (CRA) 2024 lays down a “legal framework for essential cybersecurity requirements for placing products with digital elements on the Union market” (CRA, 1). These requirements cover “products with digital elements”. The goal is to establish conditions for developing secure software. Software venders must take security seriously thought the entire SDLC. Consequently, the intention is that “hardware and software products are placed on the market with fewer vulnerabilities and that manufacturers take security seriously throughout a product’s lifecycle” (CRA, 2). 

This blog post will answer some basic questions, based on our understanding of the Act. What is the new Cyber Resilience Act in the EU? What is the key focus of the Cyber Resilience Act and who does it affect? When will the EU Cyber Resilience Act come into force? How do software venders comply with its requirements? Are there obligations for other parties too? And does Payara help its customers to comply with their requirements under the Act? 

We're super excited to announce the third edition of the Virtual Payara Conference! This December we will be focusing on Powering High-Performance Enterprise Java Applications.

• Strategic Insight - Wednesday 11th December 2024, 1-6:30pm GMT - REGISTER HERE

• Developer Insight - Thursday 12th December 2024, 1-7:00pm GMT - REGISTER HERE

Join Day 2 of the Virtual Payara Conference where we will delve into the latest Jakarta EE 11 developer features with hands-on sessions, including Unpoly for single-page apps, OpenID Connect, and OpenAI integration. End the day with career advice and a Java User Group Community panel.

The Common Vulnerabilities and Exposures (CVE®) Program is celebrating its 25th anniversary today! This marks a major milestone in global cybersecurity. Since 1999, the CVE Program has been critical in helping organizations identify, manage and mitigate cybersecurity vulnerabilities through worldwide collaboration. Today, with over 240,000 CVE Records and more than 400 CVE Numbering Authorities (CNAs) across 40 countries, CVE remains a vital resource for vulnerability management and a key component of cybersecurity defense.

The Eclipse Foundation is launching a new Open Regulatory Compliance Working Group on 24 September 2024. Payara Services is delighted to be a Participant member and the organization is keen to ensure as many development and security teams, small to medium-sized enterprises, and corporations as possible are aware of its work. And, of course, the more organizations that join the Open Regulatory Compliance Group, the stronger our impact can be. When we work together, we can better represent open-source software-related industries while the EU develops standards under the Cyber Resilience Act 2024 and subsequent data security compliance legislation.

In this blog post, we look at the history and development of the Eclipse Foundation as well as its new focus on cybersecurity compliance regulations through the new working group since July 2024.

In an increasingly interconnected and digital world, it is no surprise that there has been a steady rise in the number and cost of security breaches over the last few years. To maximize the robustness and resilience of your applications and prevent any vulnerability from being exploited, it's important for companies to keep everything around their software up to date.

When it comes to application servers, it means using a modern, fully supported solution or upgrading to one quickly. With Java EE-based server runtime environments being outdated legacy software and lacking support, it is essential to migrate applications relying on these to favor an alternative, such as Jakarta EE, to safeguard your applications and data.