Senior Security Engineer in SecOps and Incident Response (PSIRT) at Thales for several years, with operational and practical knowledge in audit, vulnerability management, incident response, customer support and system integration.
Active contributor to standardization security working groups and information-sharing communities.
In Dec 2021, the media and the public discovered the “famous” log4j vulnerability.
They realized that any product or website built on shared software libraries and components can become vulnerable to cyber attack.
Companies in the technology sector producing «software» had to face the same «disease or scary movie»: a small library used everywhere had damaged almost all software and websites.
At that time, some companies believed they were prepared with a PSIRT, a CSIRT or a CERT; the others had to “improvise, resolve and learn”.
Today’s main «key» questions which seem of interest:
Do we all remember the good and bad parts of the experience?
Have we realized it’s a miracle the PSIRT teams survived the experience?
Have we learned the lessons of what happened with log4j?
Are we now prepared for when (‘and not if’) a new «vulnerability scary movie» comes back?