Cross-Build Injection attacks are a completely new class of attacks that take place at build time. In this presentation (which was presented at JavaOne 2012) I show what the problem is and what can be done about. As always, security doesn't come for free: you'll have to work to get it right!
(unfortunately, some graphics got mangled by the SlideShare conversion. Sorry!)