publicationsvasup.blogg.se

Apple open source getcwd implementation

think tank Atlantic Council, expect to discover more similar vulnerabilities.

Taking the long view and the means to remediate

According to Dr.


“However, focusing exclusively on the risks posed by open source software could distract us from other important areas where we can address the security risks inherent in all software,” added Cisco’s senior vice president and chief security officer.


“Cisco is a significant user and active contributor to open source security projects. These efforts are essential and necessary to maintain the integrity of shared blocks of code across fundamental elements of the IT infrastructure,” Arkin said. “The truth is that all software contains vulnerabilities due to human design, integration and writing errors,” he further argued. Java logging software is widely used in services, websites, and enterprise and consumer applications, as it is an easy-to-use tool in client/server application development. As such, security researchers at Cisco Talos believe that in the future, Log4j will be heavily exploited, and users should apply patches to affected products and implement mitigation solutions without delay.

Log4j flaw: open source is not the problem

Experts say it will take a long time and a lot of work to address the Log4j flaw and its impact.


“I don’t think open source software is at fault, as some have suggested, and it would be wrong to suggest that the Log4j vulnerability is evidence of a unique flaw or that open source software poses an increased risk,” Brad Arkin, Cisco’s senior vice president and chief security officer, told the committee. “In terms of the amount of online services, sites and devices exposed, the potential impact of this software vulnerability is immeasurable, and it puts all of our critical infrastructure, from banks and power grids, to government agencies, at risk of network breaches,” the senator added.

Cisco security chief Brad Arkin wanted to defend open source software. “The Log4j vulnerability, which can be exploited by typing just 12 characters, is just one example of the serious threat that widespread software vulnerabilities, including those in open source code, or freely available code developed by individuals, can pose to national and economic security,” said committee chairman Senator Gary Peters (D-MI). The Senate committee asked experts to outline industry responses and ways to prevent future software exposures.

Because the Log4j flaw affects open source software, experts have spent a lot of time advocating for the use of open source software in critical platforms. If exploited, the Log4j flaw gives an unauthenticated remote actor the ability to take control of an affected server system and gain access to corporate information or launch a denial-of-service attack. “Software supply chain security issues have been a concern for the cybersecurity community for years,” he said.

“Open source is not the problem,” said Dr. Trey Herr, director of the Cyber Statecraft Initiative at the U.S. international relations think tank Atlantic Council, at a hearing of the U.S. Senate Committee on Homeland Security & Government Affairs this week.

Senate committee, executives from Cisco, Palo Alto and Apache discussed the industry’s response to the Log4j vulnerability and potential future problems. They were united in refusing to cast aspersions on open source.

After the White House, the U.S. Senate is now questioning the long-term impact of the serious vulnerability discovered late last year in the open source software Apache Log4j.









