
Season 1 · Episode 87
Next 2022 Log4j Reflections, Software Dependencies and Open Source Security
Cloud Security Podcast by Google · Anton A Chuvakin
October 10, 2022 · 26m 36s
Show Notes
Guest:
- Dr Nicky Ringland, Product Manager for Open Source Insights, Google
Topics:
- Let's talk Open Source Software - are all these dependencies dependable?
- Why was log4j such a big thing - at a whole ecosystem level?
- Was it actually a Java / Maven problem? Are other languages "better" or more secure?
- Is another log4j inevitable? What can organizations do to minimise their own risks?
Resources:
- Google Cloud Next 2022
- Open Source Insights at deps.dev
- Blog at blog.deps.dev with posts on Understanding the Impact of Apache Log4j Vulnerability and what happens After the Advisory
- Assured Open Source Software service