Log4Shell: A Case Study in Responding to OSS 0-Day Attacks

Presented by

Matt Schwartz, Senior Software Security Engineer

About this talk

In the hours, days, and weeks following the disclosure of the Log4J zero-day vulnerability, FOSSA’s security engineering team implemented a comprehensive plan to help our customers respond. Senior software security engineer Matt Schwartz helped lead these efforts, working hand in hand with customers to minimize the vulnerability’s impact. Join Matt on April 13 for an inside look at FOSSA and our customers’ response to Log4Shell — and how the lessons we learned can help your organization prepare for the next zero-day vulnerability. He’ll discuss: -How Log4Shell impacted FOSSA customers -Strategies to mitigate vulnerabilities in direct and transitive dependencies -The biggest lessons we learned -Steps you can take now to prepare for the next zero-day vulnerability
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (60)
Subscribers (6425)
Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for vulnerability management, license compliance, and code quality across the open source stack. With FOSSA, engineering, security, and legal teams all get complete and continuous risk mitigation for the entire software supply chain, integrated into each of their existing workflows.