
Struts2 Vulnerabilities: Who Is Responsible? (Video and Podcast)


When there's a vulnerability in open source software, is it the responsibility of the developers who created it, or of the companies that adopt it?


Update: This article was originally published on September 14, 2017. The same day, Kevin McGrail published an article on LinkedIn, Act II: Equifax tries and fails to throw Apache Struts under the Bus, where he, too, talks about how commercial companies might consider contributing financially to open source projects.

With the acknowledgment by Equifax that the massive breach of over 143 million customer records was caused by an unpatched vulnerability in Struts2, we try to slow down a bit and talk about who is responsible for this: the creators of the open source solutions, or the people who use them? In this broadcast, we speak with David Blevins, CEO of TomiTribe, and Brian Fox, CTO of Sonatype.

If you can't view YouTube videos, you can listen to the entire podcast, "Struts2 Vulnerabilities: Who Is Responsible", on the OWASP 24/7 Podcast Channel.


Topics: security, devsecops, equifax, apache struts 2

Published at DZone with permission of Mark Miller, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.
