Free Republic
Browse · Search 		General/Chat
Topics · Post Article

To: cymbeline
I'm in the middle of a large scale port of support systems that run on Linux and Windows to a microservices architecture wrapped in Docker containers, deployed in kubernetes clusters and hosted in "the cloud". Lots of the server side code was built with Java and took a hit in recent weeks with the log4jShell remote control execution flaw. It took 4 passes for the library itself to be patched to a secure state. Finding all the places where it was used and updating those vulnerable systems has been a huge distraction, but a necessary evil to patch.

Our customer demands security scans of all software that will be delivered for use and a clean bill of health from a security perspective. The tools we use are maintained by a reputable supplier that keeps the scanner up to date with all the published vulnerabilities and adds heuristics to look for additional flaws. Anything flagged must be fixed before delivery.

22 posted on 01/31/2022 9:26:06 PM PST by Myrddin
[ Post Reply | Private Reply | To 13 | View Replies ]

To: Myrddin

“The tools we use are maintained by a reputable supplier”

Ah but human accidents and sabotage happen so, well, it’s job security for you guys. Multiple cats chasing multiple mice, huh?

What percentage of security breaches begin with human error?


23 posted on 02/01/2022 4:55:40 AM PST by cymbeline
[ Post Reply | Private Reply | To 22 | View Replies ]

Free Republic
Browse · Search 		General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson