Kelly Shortridge Verizon DBIR I think SBOM theoretically is helpful in particular for setting up monitoring and mitigations. Longest log4shell patches for us weren't where our developers used the library, but where we discovered it was bundled into various purchased appliances where we didn't own source.
See Marit van Dijk ☕️🥑 at #JCON2023 in Cologne talk about 'Keep Your Dependencies in Check'
If Log4Shell, Spring4Shell, etc. have taught us anything, it's that we need to keep…
Get your free #JUG Ticket: jcon.one
#Maven #Gradle Gradle #OpenSource #OpenRewrite
“When Log4Shell came in, the whole team stopped what they were doing and we dealt with that. I [was] on vacation that week. So vacation ‘bye-bye’ but that's my choice, right?” - Gary Gregory
bit.ly/3CdhpxA
#upstream2023
In this presentation, Dr. Tapabrata Pal (a) describes three broad categories of enterprises based on their responses to #Log4Shell and (b) identifies the key characteristics of each of these patterns.
Watch the #InfoQ video: bit.ly/42thPeq
#DevOps #OpenSource #Security
Currently infecting the I-80/90 toll road system with the #EICAR #antivirus test string and the #Log4Shell PoC string using my trusty QR code magnets! 😈
We’re kicking off an annual tradition at UpstreamOSS with a maintainer state of the union, featuring Gary Gregory, ceki ${jndi:ldap://${log4j1:is}.not.log4j2/}, and Jason R. Coombs. What’s it like being an open source maintainer in this post-Log4Shell world?
Join us live: bit.ly/3qsJtL5
#upstream2023
Tomorrow we'll take Indiana's I-80/90 toll route toward Chicago, displaying both the #EICAR #antivirus test string and the #Log4Shell PoC QR code magnets on the vehicle. Watch out, future DFIR aficionados!
It's time once again to haul the RV across Arizona & New Mexico on our way to Texas with both the #EICAR #antivirus test string and the #Log4Shell PoC QR code magnets on the hood & door of the truck. We sometimes must pull into truck weigh stations due to the huge RV!