Session
Application Security/Software Assurance

Is Open Source Software (OSS) Too Open to Vulnerabilities? Cybersecurity Facts and Perceptions Considering Log4J

Monday, September 26
10:15 am - 11:05 am EDT

The Log4J issue greatly increased awareness of, and concern about, the cybersecurity risks of Open Source Software (OSS). Not only was the Log4J software extremely widely adopted, but it had worldwide code contributors and no centralized support; these attributes apply to nearly all OSS. This raised broad concerns about whether the risks associated with OSS had been under-appreciated. C-level executives were concerned to learn that there wasn't a 'single throat to choke' to hold contractually responsible. Cybersecurity professionals realized that Log4J exposed weaknesses related to the lack of a rapid and complete understanding of all underlying software package dependencies (some up to 9 levels deep). Cybersecurity professionals need to separate the facts from the fears and have a comprehensive understanding of the strengths and weaknesses of using OSS.

InfoSec World 2022