Log4j highlights ongoing cyber risk from free, open source software: Moody’s
Article by David Jones. Cybersecurity Dive – February 11, 2022.
Dive Brief:
- Security flaws in free and open source software (FOSS) will be a recurring source of cyber risk, Moody’s Investors Service found. It could take organizations three to five years to fully resolve issues related to the Log4j vulnerability.
- Industries vary in their ability to respond to vulnerabilities, according to 2021 data from BitSight, a Moody’s partner on cyber issues. The telecommunications industry trails other sectors, remediating only 29% of critical vulnerabilities within 90 days. The legal industry, with the quickest response time, remediated 68% of critical vulnerabilities in the same time frame.
- The use of FOSS can save organizations considerable time and funding. But concerns remain about the lack of financial support, and because many contributors participate voluntarily, developers experience high levels of burnout. […]
