A software bill of materials lists the “ingredients” in a software product, making it easier to identify and avoid security risks
Unless you’ve been living under a rock the past few years, you’ve likely at least heard of Log4j. This is an Apache open source logging library that’s used in just about everything Java-related online. Unfortunately, in late 2021 the package was discovered to be critically vulnerable to remote code execution attacks, meaning an attacker could exploit it to install malware (e.g., ransomware) on vulnerable systems and infect larger networks.
Cloudflare CEO Matthew Prince reported on Twitter that there were 400 confirmed exploit attempts per second. But that’s just one estimate — according to The Washington Journal, Akamai Technologies said it observed 10 million such exploit attempts per hour. Research from Check Point also showed that the attackers were rolling out new variants of the exploits — more than 60 in under 24 hours.
That’s a lot of exploits and a lot of variations to boot. Considering that the Log4j vulnerability affected major companies like Amazon, Apple, and IBM, it’s no surprise that it had companies globally worried.
But what makes the situation particularly concerning is that many companies weren’t aware that the products they use contained such vulnerable elements. If only there was a way that organizations could know exactly what components are part of the software they use… Oh, wait, there is: they could use products that come with a software bill of materials (SBOM).
But what is a software bill of materials and how can it help organizations mitigate some of the cyber risks facing their organizations and networks?
Let’s hash it out.
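As an added illustration (not code from the original post), here is the kind of check an SBOM makes possible: walk a constructed CycloneDX-style SBOM, including nested components, and flag any log4j-core entry older than a threshold version. The SBOM content is made up for the example, and the threshold version is a parameter the caller supplies, not a statement about which Log4j release fixed the issue.

```python
import json
import re

# Constructed CycloneDX-style SBOM fragment (not from any real product);
# the nested component under my-webapp shows why the walk must recurse.
SAMPLE_SBOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"name": "spring-core", "version": "5.3.13",
     "purl": "pkg:maven/org.springframework/spring-core@5.3.13"},
    {"name": "my-webapp", "version": "1.0.0",
     "purl": "pkg:maven/com.example/my-webapp@1.0.0",
     "components": [
       {"name": "log4j-core", "version": "2.14.1",
        "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"}
     ]},
    {"name": "log4j-core", "version": "2.17.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"}
  ]
}
""")


def parse_version(v):
    """Turn '2.14.1' into (2, 14, 1) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def walk_components(components):
    """Yield every component, descending into nested 'components' lists."""
    for comp in components:
        yield comp
        yield from walk_components(comp.get("components", []))


def find_affected(sbom, purl_prefix, fixed_in):
    """Return (purl, version) for components whose package URL matches purl_prefix
    and whose version is older than fixed_in (a caller-supplied assumption)."""
    hits = []
    for comp in walk_components(sbom.get("components", [])):
        purl = comp.get("purl", "")
        if purl.startswith(purl_prefix + "@"):
            version = purl.split("@", 1)[1]
            if parse_version(version) < parse_version(fixed_in):
                hits.append((purl, version))
    return hits


if __name__ == "__main__":
    log4j = "pkg:maven/org.apache.logging.log4j/log4j-core"
    for purl, ver in find_affected(SAMPLE_SBOM, log4j, "2.17.1"):
        print(f"affected: {purl} (version {ver})")
```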
The post SBOM: An Up-Close Look at a Software Bill of Materials appeared first on Hashed Out by The SSL Store™.