Source: thenewstack.io
After Log4j Remediation: What to Do on Day 2
https://www.linkedin.com/in/joshbressers With the worst of the Log4j emergency behind us and remediation underway, it’s time to think about what’s next. Day 1 is the day we deploy the solution.
We first need to acknowledge that vulnerable versions of Log4j and many other software components still exist in our software supply chains.
Now, with the recent pain of Log4j front and center, it’s time to establish and improve Day 2 processes that embed software supply chain security into the way we build and use software applications.
For Day 2, we must employ SBOMs as part of an end-to-end software supply chain management process so that we can minimize the disruption of the next zero-day exploit.
We first need to acknowledge that vulnerable versions of Log4j and many other software components still exist in our software supply chains.
Now, with the recent pain of Log4j front and center, it’s time to establish and improve Day 2 processes that embed software supply chain security into the way we build and use software applications.
For Day 2, we must employ SBOMs as part of an end-to-end software supply chain management process so that we can minimize the disruption of the next zero-day exploit.
Related Articles
Community Partners
DevOps Careers