The Log4j vulnerability was fixed and patched 2 years ago but companies are still reeling from it today. Many do not understand the impact radius of the security threat in their codebase, much less know what to do when they find one. Vulnerable Log4j versions continue to be downloaded unchecked from the central repository and percolate into production, where Day 0 events continue to simmer. While this has prompted fresh cybersecurity regulations in the software supply chain for better tooling, what does this topic mean to you?
Join Rik Turner and Michelle DiPalma as they closely examine this issue and discuss ways to curate your own repository of trustworthy, open source software to stay compliant.
In this webinar, we’ll discuss:
- Ways to build resiliency for a software supply chain that your users can trust
- How to understand risk profiles and dependencies beyond software composition analysis
- Automated storage, indexing and querying of security documentation for each pull request
- How to prioritize vulnerabilities and direct remediation in the integrated development environment (IDE) from a system of record
Michelle DiPalma
Principal Product Manager, Red Hat
Michelle DiPalma is a Principal Product Manager for Red Hat’s Trusted Profile Analyzer, part of Red Hat Trusted Software Supply Chain. She brings 15 years of experience designing, implementing and administering a wide range of Unix systems solutions for the financial industry. Having extensive experience working on and with security teams gives her a unique perspective on pain points that developers, platform engineers, architects, and security teams face regularly. Currently, she is focused on bringing insight and innovation to Red Hat products in the software supply chain space.
Rik Turner
Senior Principal Analyst, Informa PLC
Rik Turner is a senior principal analyst in Omdia's IT security and technology team, specializing in cybersecurity technology trends, IT security, compliance, and call recording. Rik has worked on Omdia's financial services technology team, with a specialization in capital markets technology. Prior to joining Omdia, he worked as an IT journalist, specializing in networking and security. He also worked as a foreign correspondent in Brazil, where he worked for the Financial Times and The Economist.