‹ All episodes

Reimagining Cyber - real world perspectives on cybersecurity

Log4j Vulnerabilities: All You Need to Know and How to Protect Yourself - Ep 26

December 29, 2021 Reimagining Cyber Season 1 Episode 26
Reimagining Cyber - real world perspectives on cybersecurity
Log4j Vulnerabilities: All You Need to Know and How to Protect Yourself - Ep 26
Info
Reimagining Cyber - real world perspectives on cybersecurity
Log4j Vulnerabilities: All You Need to Know and How to Protect Yourself - Ep 26
Dec 29, 2021 Season 1 Episode 26
Reimagining Cyber

Steve Springett, who leads software security for ServiceNow in their product security team, is an open-source software (OSS) advocate and is also passionate about helping organizations reduce OSS associated risk. In this podcast episode Springett explains the Log4j vulnerabilities and their potential exploit. He also shares the process enterprises need to take to respond to OSS incidents and how some of the OWASP projects he is involved in can be used to mitigate OSS and software supply chain risks. Links to the resources we discuss are below:OWASP Dependency-Track project: https://dependencytrack.org/OWASP CycloneDX: https://owasp.org/www-project-cyclonedx/OWASP Software Component Verification Standard (SCVS): https://owasp.org/www-project-software-component-verification-standard/Vulnerability Exploitability eXchange (VEX): https://blog.adolus.com/what-is-vex-and-what-does-it-have-to-do-with-sboms


Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com

Share
Apple Podcasts Spotify Amazon Music Podcast Index Overcast Stitcher +
Show Notes

Steve Springett, who leads software security for ServiceNow in their product security team, is an open-source software (OSS) advocate and is also passionate about helping organizations reduce OSS associated risk. In this podcast episode Springett explains the Log4j vulnerabilities and their potential exploit. He also shares the process enterprises need to take to respond to OSS incidents and how some of the OWASP projects he is involved in can be used to mitigate OSS and software supply chain risks. Links to the resources we discuss are below:OWASP Dependency-Track project: https://dependencytrack.org/OWASP CycloneDX: https://owasp.org/www-project-cyclonedx/OWASP Software Component Verification Standard (SCVS): https://owasp.org/www-project-software-component-verification-standard/Vulnerability Exploitability eXchange (VEX): https://blog.adolus.com/what-is-vex-and-what-does-it-have-to-do-with-sboms


Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com