Bad hygiene is a bigger problem than you think – Equifax is not alone
46,557 organizations downloaded vulnerable versions of Struts in the past 12 months. These components were downloaded 912,359 times. 1000 organizations downloaded vulnerable Struts versions more than 100 times.
The most critical vulnerabilities announced for Struts2 were discovered in 2013 and 2017. In the past 12 months, over 3,053 organizations downloaded the CVE-2017-xxxx vulnerable Struts components; over 100,000 downloads were recorded. These are the same vulnerable components used to break into Equifax.
The only way to counter the inevitable bugs and vulnerabilities is to ensure you are able to respond and remediate quickly. Come find out how to do that.
Co-founder and CTO at Sonatype, Brian Fox is a member of the Apache Software Foundation and former Chair of the Apache Maven project. As a direct contributor to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin, he has over 20 years of experience driving the vision behind, as well as developing and leading the development of, software for organizations ranging from startups to large enterprises. Brian is a frequent speaker at national and regional events including Java User Groups and other development-related conferences.