Steve Springett, who leads software security for ServiceNow in their product security team, is an open-source software (OSS) advocate and is also passionate about helping organizations reduce OSS associated risk. In this podcast episode Springett explains the Log4j vulnerabilities and their potential exploit. He also shares the process enterprises need to take to respond to OSS incidents and how some of the OWASP projects he is involved in can be used to mitigate OSS and software supply chain risks. Links to the resources we discuss are below:OWASP Dependency-Track project: https://dependencytrack.org/OWASP CycloneDX: https://owasp.org/www-project-cyclonedx/OWASP Software Component Verification Standard (SCVS): https://owasp.org/www-project-software-component-verification-standard/Vulnerability Exploitability eXchange (VEX): https://blog.adolus.com/what-is-vex-and-what-does-it-have-to-do-with-sboms

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]

As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings.