Meeting Register Page

Meeting banner
The Next Log4J is in Your Code. How to Know Before the Attackers Do?
The flood tide of new vulnerabilities continues to rise. According to NIST’s National Vulnerability Database (NVD) the number of new Common Vulnerabilities and Exposures set a new record for the fourth year running. Roughly 20,000 new CVE® Records were reported — at a rate of more than 50 per day. Many of these vulnerabilities are in Open-Source Components, such as Apache Log4J, or in Node.js packages is hosted on npm. Not even your best staffed application security (AppSec) teams can keep up. Even if they could fix all vulnerabilities, it would consistently break applications and slow software development to a crawl. Unfortunately, today security organizations waste precious developer cycles on upgrading hundreds of libraries and checking the box but it does not move the needle on making your organization more secure. When the next Log4J hits, it is essential that your applications are secure. Additionally, security executives will want to articulate these risks to the board as well as will want to reduce an organization’s exposure with time being of the essence. Join us for this insightful discussion as we will explore how security organizations can prioritize vulnerabilities and determine which threats actually have a higher chance of impacting specific applications. We will also examine a new concept called “attacker reachability” or short “attackability” that will help security executives focus on mitigating the greatest areas of risk.

Attendees of the ISE® Cocktails and Conversations will earn 1 CPE upon its conclusion.

Jul 20, 2022 05:30 PM in Eastern Time (US and Canada)

Meeting logo
* Required information