The Apache Software Foundation has had a rough time recently. First there was the Log4j 0-day. Then the patch (2.15.0) they released for that had a vulnerability of its own. Not long after, two serious (one high, one critical) flaws in their web server project. Unsurprisingly, some have used these issues as an argument for why open source is less secure than commercial counterparts. If we’ve learned anything since the initial Log4j disclosure, it’s the importance of software integrity -- but software integrity is not achieved via exclusion of open source tools from enterprise use. Join this panel of industry experts who will debate the issues of software vulnerabilities, the challenges of software integrity, and the future of open source.
Broadcast on
in Webcasts
Log4j, Apache, and the Future of Open Source Software
April 14, 2022 | 11:00 AM PT | 2:00 PM ET
Contributors
Doug Burks
Founder and CEO, Security Onion
Dr. Kelley Misata
Founder and Chief Trailblazer, President, Sightline Security, Open Information Security Foundation (OISF/Suricata)
Ed Moyle
Partner, SecuirtyCurve
Chris Wysopal
Co-Founder & Chief Security Evangelist, Veracode
Lenny Zeltser
CISO, Axonius
DevSecOps & Application Security Hackers & Threats Open Source Tools
application security DevSecOps exploit of vulnerability hackers & threats patch vulnerability & configuration management secure coding software code vulnerability analysis software integrity zero day vulnerability
Share With Your Community