Apache Struts 2: how technical and development gaps caused the Equifax Breach
2018; Elsevier BV; Volume: 2018; Issue: 1; Language: English
10.1016/s1353-4858(18)30005-9
ISSN 1872-9371
Authors
Topic(s): Blockchain Technology Applications and Security
Abstract: You already know the story: by identifying an Apache Struts CVE-2017-5638 vulnerability, criminals exposed the personal data of up to 143 million Equifax customers. What needs closer examination is the cause. The coding risk that opened up the door must be identified and closed. And just as important, companies need to examine their development processes for openings that let vulnerabilities in. Open source software (OSS) is widely used in software applications but rarely tracked in detail. Companies don't know what they don't know regarding open source and the breach teaches important lessons about the need to close that gap.

An Apache Struts vulnerability allowed hackers to steal data on 143 million Equifax customers. What needs closer examination is the cause. The breach offers a reminder about how security practices play an important role in protecting a company, along with instituting security policies into engineering planning and processes. There's an opportunity for a conversation about stopping hackers in their tracks with tight processes, especially with regard to the use of open source software, explains Jeff Luszcz of Flexera.