[Napc-2018] Yesterday’s vulnerability attacks are not today’s vulnerability attacks.

Sonatype Team events at sonatype.com
Wed Jun 1 07:36:33 UTC 2022


Vulnerability Speed 🏎💨 0 - 60 in Two Days


Nearly nine years ago, the Apache Struts vulnerability gave insight into the risk of using open source components.

Today, major vulnerabilities are occurring more frequently, with exploits like Log4j in 2021 (triggered much?) and Spring4Shell in 2022. Trends show that it now takes just two days from the time of exposure for attacks to occur across the ecosystem.

Then we must account for targeted attacks that are becoming increasingly creative, with new-age malicious tactics like typosquatting, brandjacking, dependency confusion, and project hijacks. Breaches in the public and private sectors are possible every day. Just think about the fallout from the SolarWinds attack.

With this shift in the industry and the introduction of federal action against software-related attacks, there’s a need to reevaluate the landscape of the easily shareable and often targeted open source arena. The more we know, the better we’ll be able to keep it secure for everyone upstream and downstream.

PART 3: A SHIFTING INDUSTRY
