VULNERABILITY ASSESSMENT AND MITIGATION
How the role of open-source maintainers could be professionalized, as the maintainer who fixed the log4j zero-day says he works on the project in his spare time — Open Source software runs the Internet, and by extension the economy. This is an undisputed fact about reality in 2021.
New zero-day exploit for Log4j Java library is an enterprise nightmare
Software Security: Building Security
This book explains how to introduce security into the SDLC: how to introduce abuse cases and security requirements in the requirements phase, and how to introduce risk analysis (also known as threat modeling) in the design phase and the software qualification phase. I really think that every software developer should at least read the first chapter of the book, where the authors explain why the old way of securing applications (treating software applications as “black boxes” that can be protected with firewalls and IDS/IPS) no longer works in today’s software landscape.