Posts tagged Security

What You Need to Know About DORA Regulatory Compliance for Financial Applications

The Digital Operational Resilience Act (DORA) is changing the cybersecurity and regulatory compliance landscape for financial institutions in the EU. In effect, DORA is now binding, with regulators shifting from guidance to active enforcement. For developers building or maintaining financial applications, understanding DORA’s requirements and how to meet them is essential.

In this post, we’ll break down what DORA is, why it's important and what it means for developers. You'll also get a glimpse of how to meet the regulatory requirements with your enterprise Java applications.

PCI-DSS Cybersecurity Requirements for Financial Transactions

PCI DSS cybersecurity requirements are relevant for all sorts of organizations, whether you’re a financial institution or a business with customers and transactions. And, while there are already many laws, regulations, and standards designed to protect personal data, this standard is particularly focused on card transactions. 

In this blog post, we explain the PCI-DSS, its standards, requirements, levels, and certification. 

Beyond Firewalls: Why Vulnerability Management is Key to Modern Application Security

Much like corporate offices, applications are critical assets at the core of modern business operations. As they hold valuable information by handling and processing data that support essential workflows, they are prime targets for hackers. As such, just as physical office spaces require security systems to protect valuable information and resources, applications need robust defenses to ensure data integrity, resilience and regulatory compliance. 

A secure environment relies on two complementary strategies: tools that identify vulnerabilities and proactive defenses that prevent cyber intrusions. Together, these approaches create a secure, robust framework that safeguards both the business and its users. Let’s explore how these essential strategies work and how they can deliver a synergetic effect in the context of application security. 

Secure Application Server Migration Insights

Companies sometimes contemplate migrating their enterprise Java applications to a different runtime to optimize costs, benefit from greater technical support, achieve better performance, scalability or new functionalities. However, when it comes to taking active steps towards implementing an alternative application server, many decide not to proceed. A recurring concern for multiple companies is whether such migrations can be done securely, without compromising data integrity or compliance with stringent regulations.

So, are application server migrations secure? How can teams ensure the right robustness and resilience measures are in place? Let’s dig into the world of runtime cybersecurity and migration planning.

Join Payara at Devnexus 2025 for Java Ecosystem Insights

One of the largest and longest-running Java conferences, Devnexus 2025, is just around the corner and our Payarans are ready to bring cutting-edge insights to the event. If you’re a Java developer eager to explore the latest technology advancements and industry trends, this is an event you don’t want to miss!

Celebrating 25 Years of the CVE Program

The Common Vulnerabilities and Exposures (CVE®) Program is celebrating its 25th anniversary today! This marks a major milestone in global cybersecurity. Since 1999, the CVE Program has been critical in helping organizations identify, manage and mitigate cybersecurity vulnerabilities through worldwide collaboration. Today, with over 240,000 CVE Records and more than 400 CVE Numbering Authorities (CNAs) across 40 countries, CVE remains a vital resource for vulnerability management and a key component of cybersecurity defense.

Eclipse Foundation’s New Open Regulatory Compliance Working Group Launch

The Eclipse Foundation is launching a new Open Regulatory Compliance Working Group on 24 September 2024. Payara Services is delighted to be a Participant member and the organization is keen to ensure as many development and security teams, small to medium-sized enterprises, and corporations as possible are aware of its work. And, of course, the more organizations that join the Open Regulatory Compliance Group, the stronger our impact can be. When we work together, we can better represent open-source software-related industries while the EU develops standards under the Cyber Resilience Act 2024 and subsequent data security compliance legislation.

In this blog post, we look at the history and development of the Eclipse Foundation as well as its new focus on cybersecurity compliance regulations through the new working group since July 2024.

Join Live Webinar - Simplifying Security for Your Jakarta EE Applications with Apache Shiro

Join us for an insightful webinar with Lenny Primak & Luqman Saeed, where we'll demystify security for your Jakarta EE applications using Apache Shiro.

Simplifying Security for Your Jakarta EE Applications with Apache Shiro

Wednesday, the 4th of September, 4pm BST

Register: https://www.crowdcast.io/c/security-with-jakarta-and-apache-shiro

Drive Application Security By Leaving Legacy Solutions

In an increasingly interconnected and digital world, it is no surprise that there has been a steady rise in the number and cost of security breaches over the last few years. To maximize the robustness and resilience of your applications and prevent any vulnerability from being exploited, it's important for companies to keep everything around their software up to date.

When it comes to application servers, it means using a modern, fully supported solution or upgrading to one quickly. With Java EE-based server runtime environments being outdated legacy software and lacking support, it is essential to migrate applications relying on these to favor an alternative, such as Jakarta EE, to safeguard your applications and data.

Securing Jakarta EE Applications with OIDC and Keycloak

Introduction

Security is a paramount concern for modern web applications. Protecting sensitive data and user access necessitates a standardized approach. The OpenID Connect (OIDC) protocol, in conjunction with Identity Providers (IdPs) like Keycloak, and the Jakarta Security API integrated into Jakarta EE, offer a reliable solution. Together, they help streamline authentication and authorization in your Jakarta EE applications.
