Asset visibility and cloud governance start with SBOMs, VEX, and provenance tracking. Learn how to secure your software supply chain.
Report Finds Most Log4Shell Vulnerabilities Unpatched
A report published today by Rezilion, a provider of a platform for tracking and analyzing software vulnerabilities, found that, despite all the attention the Java zero-day Log4Shell vulnerability attracted, nearly 60% of the affected software packages appear to remain unpatched. Rezilion used Google’s Open Source Insights tool to scan open source software packages, including […]
4 Reasons Software Developers Need a Bill of Materials
The recent Log4j/Log4Shell vulnerability was a wake-up call that threats aren’t going to wait until the industry gets up to speed on software supply chain security. While the Log4j open source component vulnerability caught us all off guard, it did highlight the need for software vendors to be more proactive in disclosing the composition of […]
How to Mitigate Software Supply Chain Risks
As new vulnerabilities are discovered on a daily basis, DevOps teams must integrate security into the early stages of the development lifecycle and be vigilant about what elements are incorporated into their applications. The Log4j vulnerability has dominated the headlines since it was discovered in December, and it continues to send shock waves through the […]
U.S. Govt. CX EO | Mozilla Revenue | Log4j Latest
In this week’s The Long View: Improving U.S. government CX, how much money Mozilla makes, and the latest on the Log4j/Log4Shell débâcle.




