Search Results for: Log4j
You searched for Log4j - DevOps.com
How to Leverage Defense-in-Depth to Prepare For the Next Log4j
How prepared was your firm to handle the Log4j vulnerability that was announced in December 2021? The best firms were prepared and loaded for bear, and they completely mitigated and remediated their ...
Log4j’s Impact on Software Supply Chain Management
In studying software engineering practices from 100,000 production applications and 4 million open source component migrations, Sonatype uncovered some eye-opening behaviors in modern software development. One surprising trend: Nearly 70% of dependency ...
Lessons Learned From the Log4j Exploit
The Log4Shell vulnerability found in the Log4j logging framework has been recognized as one of the most critical vulnerabilities ever, open source or otherwise. And, while the dangers of the Log4j vulnerability ...
Log4J Tales From the Trenches: The State of Log4J Remediation
The announcement of a Log4j vulnerability sent security and development teams into a tailspin—not once but multiple times. Throughout it all, WhiteSource has been providing tools for discovery and automated remediation, and ...
How Log4j Becomes a Serious DevOps Problem
The recent discovery of the Apache Log4j vulnerability has wide-ranging implications for anyone who develops software, especially for those in the DevOps realm. What’s most troubling about the vulnerability (CVE-2021-44228) is how ...
Log4j: It’s All About the Supply Chain, Baby!
In 2021, the security story in DevOps and DevSecOps has been the supply chain. So, it’s only fitting that we are currently experiencing the mother of all supply chain issues with the ...
Log4j: Is There Such a Thing as ‘Too Much’ Open Source?
The Log4j vulnerability got me thinking: Is there such a thing as too much open source? Before anyone immediately fires off a flaming email, rage tweet or scathing blog post, hear me ...
Log4j Puts Effective IT Operations at Center Stage
News of the Apache Log4j vulnerability exploit is striking fear into the hearts of both software makers and users. Log4j is the most popular Java logging service used today, with over 400,000 ...
Facing the Log4j Vulnerability Head-On: The Risk and the Fix
When the zero-day vulnerability in Log4j was reported, most organizations immediately sprang into action. But anyone who’s dealt with a vulnerability this critical and ubiquitous in an enterprise organization knows it’s not ...
U.S. Govt. CX EO | Mozilla Revenue | Log4j Latest
In this week’s The Long View: Improving U.S. government CX, how much money Mozilla makes, and the latest on the Log4j/Log4Shell débâcle ...
SBOMs Are ‘Da Bomb’ for Identifying Threats in Your Software
Did your software team scramble when the Log4j vulnerability became public? Was it easy for your team to identify the different versions used in all your software projects? Are you ready for ...
Summit Highlights Open Source Software Security Progress
The OpenSSF hosted a Secure Open Source Software (SOSS) Summit 2023 event during which it made available a Secure Open Source Software Vision Brief 2023 ...