When the log4j vulnerability was first identified in late 2021, the Cybersecurity and Infrastructure Security Agency responded very rapidly, including giving all federal agencies less than a week to identify and patch all their affected systems, and coordinating a nationwide response to encourage the private sector to do the same.
But the vulnerability is likely to dog agencies and the private sector alike for years. There are at least two reasons for this: first, it affects a logging library that myriad developers have used; second, it is so widely used because it is open source – developers just grabbed it, inserted it, and trusted it. One software supply chain company estimated that one out of every four log4j downloads is still vulnerable today.
Join us as thought leaders from government and industry discuss how log4j affected their operations, how they responded, and what steps they are taking now to be prepared for the next widespread vulnerability.
We’ll Discuss:
- Review the weaknesses in the open source ecosystem that allow identified vulnerabilities to go unaddressed
- Delineate steps to take to find where open source code is being used in current systems and confirm that it does not need patches
- Outline the best practices agencies should follow to get ready in advance for future attacks through flawed open source code