The FTC Wants Companies to Find Log4j Fast. It Won't Be So Easy

  • 📰 WIREDScience
  • ⏱ Reading Time:
  • 67 sec. here
  • 3 min. at publisher
  • 📊 Quality Score:
  • News: 30%
  • Publisher: 55%

South Africa News News

South Africa South Africa Latest News,South Africa South Africa Headlines

The critical vulnerability is buried among endless open-source code, and many cyber experts are stumped.

To help frazzled IT professionals understand whether they needed to do anything, CISA provided a five-step process, with three substeps, two verification methods, and a 12-part flow chart diagram with multiple routes and three outcomes . As of early January, federal agencies had

The statement shifted the calculus of risk and liability for businesses. Threatened with legal action, they feel compelled to act. The challenge, though, is finding out whether they’re affected. Others disagree. “Part of the chaos is that all of these big supply chain issues can cause a disjointed effort at remediation,” says Katie Moussouris, founder and CEO of Luta Security, a cybersecurity consultancy. “So I do think the FTC’s pressure is important.”

Such issues are likely to disproportionately affect small and medium businesses, he says—and make it nigh-on impossible to fix easily.has found that around 30 percent of the consumption of Log4j is from potentially vulnerable versions of the tool. “Some companies haven’t got the message, don’t have the materials, and don’t even know where to start,” says Fox. Sonatype is one of the companies that provide a scanning tool to identify the issue, if it exists.

The problem emerges when companies don’t know they use Log4j, because it’s used in a small section of a brought-in application or tool they have no oversight over, and don’t know how to start looking for it. “It’s a bit like understanding what iron ore went into the steel that found its way into the piston in your car,” Glass says. “As a consumer, you have no chance of figuring that out.”

 

Thank you for your comment. Your comment will be published after being reviewed.
Please try again later.
We have summarized this news so that you can read it quickly. If you are interested in the news, you can read the full text here. Read more:

 /  🏆 385. in ZA

South Africa South Africa Latest News, South Africa South Africa Headlines