[Owasp-leaders] Struts2 Vulnerabilities: Who is Responsible (Video and Podcast)

Mark Miller mark.miller at owasp.org
Thu Sep 14 20:20:16 UTC 2017


All,

With the *acknowledgement by Equifax*
<http://fortune.com/2017/09/14/equifax-data-breach-security-apache-struts/>
that the massive breach of over 143 million customer records was caused by
an unpatched vulnerability in Struts2, we try to slow down a bit to talk
about who is responsible for this: the creators of the open source
solutions or the people who use them. *In this video broadcast
<http://blog.sonatype.com/struts2-vulnerabilities-who-is-responsible>*, we
speak with David Blevins, CEO of Tomitribe, and Brian Fox, CTO of Sonatype.
Both are members of the *Apache Software Foundation* <https://www.apache.org/>.

This is directly related to the *OWASP Top 10 - A9
<https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities>*,
Using Components with Known Vulnerabilities.

If you can't view YouTube videos, you can listen to the entire
podcast, *Struts2 Vulnerabilities: Who Is Responsible*, on the
OWASP 24/7 Podcast Channel
<https://soundcloud.com/owasp-podcast/struts2-vulnerabilities-who-is-responsible>.

-- 
*Mark Miller, Senior Storyteller*
*Editor/Moderator, DevOps Group on LinkedIn (57K members and growing)*
*Host and Executive Producer, OWASP 24/7 Podcast Channel*
*Community Advocate, Sonatype*