Log4j Postmortem: Developers take a close look at the software supply chain…



With so many security and development teams conducting postmortems on the Log4j vulnerability fiasco that unfolded in late 2021, just 10 days before Christmas, the key question is: how can we avoid this kind of pain in the future? Unfortunately, the answer is…it’s complicated.


According to new data from (ISC)2, the world’s largest nonprofit association of certified cybersecurity professionals, nearly half (48%) of cybersecurity teams gave up vacation time and weekends to help with remediation, and 52% of teams spent “weeks or more” recovering from Log4j. Not exactly how the already stressed developers wanted to spend the holidays.

On the positive side, the pain of this experience has led to a major rethink of software supply chain security among developers and security teams.

Fix vulnerabilities without breaking legacy code

One of…
