Sign up to save your podcasts
Or
Share Log4j Vulnerabilities: All You Need to Know and How to Protect Yourself - Ep 26
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Log4j Vulnerabilities: All You Need to Know and How to Protect Yourself - Ep 26
Steve Springett, who leads software security for ServiceNow in their product security team, is an open-source software (OSS) advocate and is also passionate about helping organizations reduce OSS associated risk. In this podcast episode Springett explains the Log4j vulnerabilities and their potential exploit. He also shares the process enterprises need to take to respond to OSS incidents and how some of the OWASP projects he is involved in can be used to mitigate OSS and software supply chain risks. Links to the resources we discuss are below:OWASP Dependency-Track project: https://dependencytrack.org/OWASP CycloneDX: https://owasp.org/www-project-cyclonedx/OWASP Software Component Verification Standard (SCVS): https://owasp.org/www-project-software-component-verification-standard/Vulnerability Exploitability eXchange (VEX): https://blog.adolus.com/what-is-vex-and-what-does-it-have-to-do-with-sboms
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings.
View all episodes
By Reimagining Cyber
5
1919 ratings
Steve Springett, who leads software security for ServiceNow in their product security team, is an open-source software (OSS) advocate and is also passionate about helping organizations reduce OSS associated risk. In this podcast episode Springett explains the Log4j vulnerabilities and their potential exploit. He also shares the process enterprises need to take to respond to OSS incidents and how some of the OWASP projects he is involved in can be used to mitigate OSS and software supply chain risks. Links to the resources we discuss are below:OWASP Dependency-Track project: https://dependencytrack.org/OWASP CycloneDX: https://owasp.org/www-project-cyclonedx/OWASP Software Component Verification Standard (SCVS): https://owasp.org/www-project-software-component-verification-standard/Vulnerability Exploitability eXchange (VEX): https://blog.adolus.com/what-is-vex-and-what-does-it-have-to-do-with-sboms
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings.
More shows like Reimagining Cyber - real world perspectives on cybersecurity
View all
Risky Business
360 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
627 Listeners
CyberWire Daily
1,006 Listeners
Modern War Institute
766 Listeners
Smashing Security
310 Listeners
Click Here
406 Listeners
Malicious Life
926 Listeners
Darknet Diaries
7,876 Listeners
Cybersecurity Today
167 Listeners
CISO Series Podcast
187 Listeners
Hacking Humans
314 Listeners
Defense in Depth
74 Listeners
Cyber Security Headlines
127 Listeners
Risky Bulletin
33 Listeners
Hacker And The Fed
158 Listeners