
OnDemand | Log4j’s Impact on Software Supply Chain Management

Studying software engineering practices from 100,000 production applications and 4,000,000 open source component migrations, Sonatype uncovered eye-opening behaviors in modern software development, including a surprising trend that nearly 70% of dependency management decisions are suboptimal.

Understanding these migration paths helps make sense of part of the panic that ensued when a zero-day vulnerability was disclosed in the world’s most widely adopted logging framework, Log4j. If you weren't automating software supply chain management and weren't paying attention to your dependencies, you were left incredibly vulnerable.

Along with studying production applications, as the stewards of Maven Central, Sonatype teams have monitored download data, ensuring the world has reliable information on the latest Log4shell trends.

In this talk, we will share insights from 2021 software supply chain research along with lessons learned from Log4j to break down how to change your software supply chain management practices for a more secure SDLC.
