It’s been over a year since the SolarWinds supply chain hack, in which attackers compromised the vendor’s own build process, sent shockwaves through thousands of organizations worldwide, but this cybersecurity earthquake is by no means over. More recently we’ve seen aftershocks from the Log4Shell and Spring4Shell vulnerabilities, which hit organizations using the Log4j logging library and the Spring Framework (Spring Core). We had seen supply chain attacks before, but 2021 was the year they really took off. Log4Shell and Spring4Shell show a second face of supply chain risk: not a tampered vendor build, but a flaw in a widely used open-source component that every downstream product inherits. Open-source components are ubiquitous in almost every form of software development and are often built and updated at speed with little security review, so a single vulnerability in one of them has a massive blast radius. To securely develop, manage, and maintain a software supply chain, you must understand and have visibility of all the links, including the transitive dependencies pulled in by the libraries you chose directly.
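The visibility the article calls for starts with an inventory that includes transitive dependencies, because log4j-core was usually not a direct dependency of the affected applications but something a logging wrapper pulled in. The following script is an added example, not code from the article or from any of the projects it names: it reads a small CycloneDX-style SBOM, walks the dependency graph from the application root, and reports every component whose version falls inside a published affected range, together with the path that introduced it. The SBOM is constructed for illustration (the `orders-api` application and the `acme-logging` wrapper are hypothetical; the Maven coordinates for log4j-core and spring-core are real), and the affected ranges are the published ones for CVE-2021-44228 (Log4Shell) and CVE-2022-22965 (Spring4Shell).

```python
"""
Added example: flag known-vulnerable components in a CycloneDX-style SBOM and
show the dependency path that brought each one in. Not the article's code.
"""
import json
import re

# Constructed SBOM for a hypothetical service. acme-logging is an imaginary
# wrapper library; the log4j and spring coordinates are the real Maven ones.
SBOM_JSON = r"""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "metadata": {"component": {"bom-ref": "app", "name": "orders-api", "version": "1.0.0"}},
  "components": [
    {"bom-ref": "wrap", "name": "acme-logging", "version": "3.1.0",
     "purl": "pkg:maven/com.example/acme-logging@3.1.0"},
    {"bom-ref": "l4j-core", "name": "log4j-core", "version": "2.14.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
    {"bom-ref": "l4j-api", "name": "log4j-api", "version": "2.14.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-api@2.14.1"},
    {"bom-ref": "spring", "name": "spring-core", "version": "5.3.17",
     "purl": "pkg:maven/org.springframework/spring-core@5.3.17"}
  ],
  "dependencies": [
    {"ref": "app", "dependsOn": ["wrap", "spring"]},
    {"ref": "wrap", "dependsOn": ["l4j-core", "l4j-api"]},
    {"ref": "l4j-core", "dependsOn": ["l4j-api"]},
    {"ref": "l4j-api", "dependsOn": []},
    {"ref": "spring", "dependsOn": []}
  ]
}
"""

# Published affected ranges, inclusive at both ends.
# Log4Shell: log4j-core 2.0-beta9 through 2.14.1 (CVE-2021-44228).
# Spring4Shell: Spring Framework 5.3.0-5.3.17 and 5.2.0-5.2.19 (CVE-2022-22965);
# keyed on spring-core here because that is the artifact the article names.
AFFECTED = {
    "pkg:maven/org.apache.logging.log4j/log4j-core": [("2.0-beta9", "2.14.1", "CVE-2021-44228")],
    "pkg:maven/org.springframework/spring-core": [("5.3.0", "5.3.17", "CVE-2022-22965"),
                                                   ("5.2.0", "5.2.19", "CVE-2022-22965")],
}

_VER_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:[-.]?([A-Za-z]+)(\d*))?$")


def version_key(version):
    """Sortable key: numeric parts padded to three, then a pre-release marker.
    A pre-release (2.0-beta9) sorts before the final release of the same number."""
    m = _VER_RE.match(version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    nums = nums + (0,) * (3 - len(nums))
    if m.group(2):
        return nums + (0, m.group(2).lower(), int(m.group(3) or 0))
    return nums + (1, "", 0)


def in_range(version, low, high):
    return version_key(low) <= version_key(version) <= version_key(high)


def dependency_paths(sbom):
    """Breadth-first walk from the root component; returns {bom-ref: [refs from root]}."""
    root = sbom["metadata"]["component"]["bom-ref"]
    edges = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    paths, queue = {root: [root]}, [root]
    while queue:
        ref = queue.pop(0)
        for child in edges.get(ref, []):
            if child not in paths:
                paths[child] = paths[ref] + [child]
                queue.append(child)
    return paths


def find_exposures(sbom_json):
    """Return (name, version, cve, path) for every component in an affected range."""
    sbom = json.loads(sbom_json)
    root = sbom["metadata"]["component"]
    names = {root["bom-ref"]: root["name"]}
    for comp in sbom.get("components", []):
        names[comp["bom-ref"]] = comp["name"]
    paths = dependency_paths(sbom)
    hits = []
    for comp in sbom.get("components", []):
        base, _, version = comp["purl"].rpartition("@")  # purl is "<type>/<ns>/<name>@<version>"
        for low, high, cve in AFFECTED.get(base, []):
            if in_range(version, low, high):
                chain = paths.get(comp["bom-ref"], [comp["bom-ref"]])
                hits.append((comp["name"], version, cve, " -> ".join(names.get(r, r) for r in chain)))
    return hits


if __name__ == "__main__":
    for name, version, cve, path in find_exposures(SBOM_JSON):
        print(f"{cve}: {name} {version} reached via {path}")
```

Run against the constructed SBOM, the script reports log4j-core 2.14.1 via `orders-api -> acme-logging -> log4j-core` and spring-core 5.3.17 as a direct dependency, while log4j-api 2.14.1 is correctly left alone because the Log4Shell flaw lives in log4j-core. The path is the part a plain package list cannot give you: it tells you which direct dependency to bump or pin, which is what an upgrade decision actually needs.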
Full story: Recovering from a cybersecurity earthquake: The lessons organizations must learn.