A report published today by automated application security testing platform ShiftLeft found only one in three applications has an attackable vulnerability. The report also found organizations that prioritized their remediation efforts based on the level of actual threat are fixing 76% of those vulnerabilities within two sprints lasting 12 days, on average. Based on millions […]
Report Finds Most Log4Shell Vulnerabilities Unpatched
A report published today by Rezilion, a provider of a platform for tracking and analyzing software vulnerabilities, found that, despite all the attention the Java zero-day Log4Shell vulnerability attracted, nearly 60% of the affected software packages remain unpatched. Rezilion used Google’s Open Source Insights tool to scan open source software packages, including […]
Log4j: It’s All About the Supply Chain, Baby!
In 2021, the security story in DevOps and DevSecOps has been the supply chain. So, it’s only fitting that we are currently experiencing the mother of all supply chain issues with the Log4j Log4Shell RCE vulnerability to close out the year. I won’t waste your time rehashing what Log4j is, why it’s so dangerous and […]
Log4j: Is There Such a Thing as ‘Too Much’ Open Source?
The Log4j vulnerability got me thinking: Is there such a thing as too much open source? Before anyone immediately fires off a flaming email, rage tweet or scathing blog post, hear me out for a moment. If you know me, you know that I am an open source fanatic. I’ve been asked many times, “Should […]