Abstract
You already know the story: by identifying an Apache Struts CVE-2017-5638 vulnerability, criminals exposed the personal data of up to 143 million Equifax customers. What needs closer examination is the cause. The coding risk that opened the door must be identified and closed. And just as important, companies need to examine their development processes for openings that let vulnerabilities in. Open source software (OSS) is widely used in software applications but rarely tracked in detail. Companies don't know what they don't know regarding open source, and the breach teaches important lessons about the need to close that gap.

An Apache Struts vulnerability allowed hackers to steal data on 143 million Equifax customers. What needs closer examination is the cause. The breach offers a reminder of how security practices play an important role in protecting a company, along with building security policies into engineering planning and processes. There's an opportunity for a conversation about stopping hackers in their tracks with tight processes, especially with regard to the use of open source software, explains Jeff Luszcz of Flexera.
Subject
Information Systems and Management; Computer Networks and Communications; Safety, Risk, Reliability and Quality
Cited by
16 articles.