A year after one of the most widespread security vulnerabilities in recent history was exposed, companies are still wrestling with how to patch the flaw — or with determining if they were affected at all.
, with funding from Microsoft and Google, to provide more security tools to open-source software developers, who often run their projects in their spare time and lack the resources to stay on top of security flaws.It's up to companies to put in the work to determine which systems are still running a vulnerable version of Log4j, Mark J. Cox, Apache Software Foundation vice president of security, told Axios.
Synack CEO Jay Kaplan told Axios that while some organizations continue to invest resources in sifting through their products to determine where vulnerable versions of Log4j could be, others aren't "taking it seriously." "This reinforces that certain software is critical and ubiquitous enough that it's everywhere and in places that people don't know about," said Dan Lorenc, founder and CEO of supply chain security firm Chainguard. "The unknown unknowns are the ones that are problematic here.""Unfortunately, we're still in a pretty bad place," Kaplan said. "These vulnerabilities are being taken advantage of all over the world. We have to do better.
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Customers are going to pay more as central Pa. electric, gas companies raise ratesJust like everything else these days, paying for gas and electric might become more expensive for you this winter.
Read more »
U.S. blacklists companies for aiding Russian militaryThe Biden administration on Wednesday added 24 companies and other entities to an export control list for supporting Russia’s military or defense industrial base, Pakistan's nuclear activities or for supplying an Iranian electronics company.
Read more »
U.S. presses UN not to update list of companies operating in Israeli settlementsSCOOP: The Biden admin is pressing the UN's human rights chief not to update the list of companies operating in the Israeli settlements in the occupied West Bank.
Read more »
Congressional Report: Financial Technology Companies Fueled Billions in PPP FraudA congressional report has found that obscure financial technology companies 'with little to no oversight from lenders' have fueled rampant Paycheck Protection Program (PPP) fraud. The report estimates a total fraud of about $64 billion, with fintechs contributing significantly to that total.
Read more »
Five companies win California offshore wind energy leasesThe companies bid a total of $757.1 million for the 373,268 acres of ocean spaces where floating wind turbines can be erected to generate up to 4.5 gigawatts of electricity.
Read more »
This chart shows how companies have gone quieter on cryptoThere were 146 corporate conference calls mentioning cryptocurrency and other related terms in the first two months of the fourth quarter, below the counts seen in the first two months of the prior three quarters, data showed.
Read more »