Tag: Spring4shell

DevSecOps Cisco Chronosphere observability, data collection, Observe Google Splunk ServiceNow Logz.io observability Web3 developers CodeSee Survey Surfaces Slow But Steady DevSecOps Progress

WhiteSource Offers Free Spring4Shell Vulnerability Tool

Mike Vizard | April 4, 2022 | application security, application vulnerability, devsecops, SBoM, Spring4shell

WhiteSource has launched a free command-line interface (CLI) tool that detects vulnerable open source Spring4Shell vulnerabilities (CVE-2022-22965) that are impacting Java applications built using the Spring development framework. Susan St. Clair, director ...

Fixing Spring4Shell Starts With Software Supply Chain Management

Mitch Ashley | April 1, 2022 | devsecops, java, open source software, Software Supply Chain, Spring, Spring Core, Spring4shell

Spring4Shell is the latest call to action for radically improved software supply chain integrity. While Spring4Shell investigations continue, one conclusion is indisputable: We must holistically rethink the way we continuously inventory and ...