Log4J Tales From the Trenches: The State of Log4J Remediation

Presented by

Rhys Arkins, Director Product Management & Tsaela Pinto, Director of Software Engineering at WhiteSource

About this talk

The announcement of the Log4j vulnerability sent security and development teams into a tailspin — not once, but multiple times. Throughout it all, WhiteSource has been providing tools for discovery and automated remediation, and working closely with our customers. Join our experts to learn what has been going on, such as: What percentage of organizations were affected? How common were Log4j transitive dependencies compared to direct dependencies? How quickly were the best-performing organizations able to find and fix Log4j vulnerabilities? What best practices can help an organization get through an exercise such as this quickly and easily? What factors cause some organizations to struggle more than others? What percentage of Maven packages are still vulnerable and still being downloaded? We will also demonstrate how to use the two free discovery and remediation tools that WhiteSource has provided.

WhiteSource allows engineering, security and compliance officers to effortlessly secure and manage the use of open source components in their software, allowing developers to focus on building great products. WhiteSource fully automates all open source management processes: component detection; security vulnerability alerts and fixes; license risk and compliance analysis along with policy enforcement; quality review; and new version alerts. It offers a complete suite of control, reporting and management to help software teams manage open source truly effortlessly. For more information about WhiteSource, visit http://www.whitesourcesoftware.com or follow us on Twitter: @whitesourcesoft