When the log4j vulnerability was first identified in late 2021, the Cybersecurity and Infrastructure Security Agency responded very rapidly, including giving all federal agencies less than a week to identify and patch all their affected systems, and coordinating a nationwide response to encourage the private sector to do the same.
But the vulnerability is likely to dog agencies and the private sector alike for years. There are at least two reasons for this: First, it targets the logging systems that myriad developers have used; second, it’s so widely used because it’s open source – developers just grabbed it, inserted it, and trusted it. One software supply chain company estimated that one out of every four log4j downloads is still vulnerable today.
Join us as thought leaders from government and industry discuss how log4j affected their operations, how they responded, and what steps they are taking now to be prepared for the next widespread vulnerability.
Speakers:
Sara Nur - Associate CIO; Chief Information Security Officer, IRS
Solomon Adote - Cheif Security Officer, Delaware Department of Technology and Information
Willie Hicks - Public Sector Chief Technology Officer, Dynatrace
John Breeden II - Moderator & Contributing Editor, FedInsider