TEL AVIV, Israel and BOSTON, Jan. 4, 2022 /PRNewswire/ — WhiteSource, a frontrunner in open source security and management, today announced that a Log4j remediation preset is now included in both its commercial product and free GitHub developer tool. This preset enables enterprises to find and automatically fix both direct and indirect Log4j dependencies, which is something that no other security vendor is currently providing. In addition, a new online resource center has been made available by the company, to provide Log4j remediation and secure coding best practices.
Since the Log4Shell vulnerability was first revealed by the National Vulnerability Database (NVD) on Dec 12th, 2021, two more vulnerabilities have been found in the popular Java logging framework, Log4j. Our research shows that Log4j has been used in over 52% of applications used across the top 2000 organizations in the software development industry.
While more vulnerabilities may yet be discovered, the new versions of Log4j resolve all known vulnerabilities. However, many packages in the Maven and Gradle ecosystems use Log4j, so remediating it requires more than just upgrading Log4j in direct dependencies; it may also require upgrading multiple indirect dependencies. The new remediation preset by WhiteSource helps to address the challenge faced by security teams in updating indirect (transitive) dependencies.
“As news of new Log4j exploits emerges daily, it is essential for developers using Log4j to quickly and proactively update Log4j to a secure version,” said Rhys Arkins, Director of Product Management at WhiteSource. “WhiteSource Renovate combined with Merge Confidence helps developers support that strategy.”
About WhiteSource
WhiteSource helps organizations accelerate the development of secure software at scale. We provide automated tools that help bridge the security knowledge gap, integrating easily into the software development life cycle and going beyond detection with a remediation-first approach. WhiteSource is built on the most comprehensive vulnerability database in the industry, providing the widest coverage for threats and attack vectors. Our solution helps enterprises like Microsoft, IBM, Comcast, Philips, and many more reduce security risk and increase the productivity of their security and development teams. For more information, visit www.whitesourcesoftware.com.