An Interactive Exploration of the Log4J Vulnerability

Presented by

Matt Schwartz, Senior Software Security Engineer

About this talk

The recent disclosure of a severe vulnerability impacting Log4J — an extremely popular Java open source logging library — has sparked a five-alarm fire in the security world and beyond. Not only is Log4J used in countless applications across the world, but programs that use a vulnerable version of the library are subject to remote code execution. FOSSA will share insights into the Log4J vulnerability, including a live demo of the vulnerability being exploited and a look at how you can use our free CLI to identify if you’re using potentially vulnerable dependencies. We’ll also discuss: -Log4J background: how the vulnerability came into existence and the mechanics behind it -The wide-ranging impact of the vulnerability -Remediation strategies: version upgrades and beyond

Related topics:

More from this channel

Upcoming talks (1)
On-demand talks (31)
Subscribers (3323)
Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for vulnerability management, license compliance, and code quality across the open source stack. With FOSSA, engineering, security, and legal teams all get complete and continuous risk mitigation for the entire software supply chain, integrated into each of their existing workflows.