Three Reasons Why Contrast SCA Is Best Suited for Log4Shell Rapid Response

With Log4j being such a ubiquitous library, embedded in tens of millions of applications across the Java ecosystem, it's easy to understand why the Log4Shell CVE is being treated as a DEFCON 1-class situation. To rub salt in the wound, many of the tools leveraged by Security, Ops, and Development teams are ill suited to respond to this crisis. Here at Contrast, we have already heard from several customers about how they are forced to run complicated custom scripts and advanced queries to understand which applications are running vulnerable versions of Log4j, whether they're using the vulnerable class, and whether patching is even viable. Just recently Sándor Incze, CISO at CM.com, said, “We were able to analyze whether our own built software would be vulnerable to the Log4j zero-day…” Mr. Incze is not alone in this regard. Software Composition Analysis (SCA) tools that live in the code repository are heavily over-reporting instances of Log4j, as evidenced by data presented by Contrast Co-Founder and Chief Scientist Arshan Dabirsiaghi showing that only 37% of Java applications actually invoke log4j2.

The post Three Reasons Why Contrast SCA Is Best Suited for Log4Shell Rapid Response appeared first on Security Boulevard.

Article: securityboulevard.com
