FrederiqueD, Thales
.ical

Senior Security Engineer in SecOps and Incident Response (PSIRT) in Thales since several years with operational and practical knowledge in audit, vulnerability management , incident response, customer support, system integration.
Active contributor to standardization security working groups and information sharing communities

The speaker's profile picture

Sessions

10-19
09:30
25min
Almost 2 years after log4j .. if your PSIRT has survived, Are the Lessons learned or not learned on security incident & vulnerability management ?
FrederiqueD, Thales

In Dec 2021, the media and public discovered the “famous” log4j vulnerability.
They realized that for every product or website using software or shared libraries and components , these products can become vulnerable to cyber attack.

Companies in technology sector producing «software » had to face the same « disease or scary movie ». A small library used everywhere has damaged almost all software & websites.

At this time a part of companies believed they were prepared with a PSIRT or a CSIRT or a CERT, the other part had to “improvise, resolve and learn”

Today’s main « key » questions which seems of interest:

  • Do we all remember (good and bad parts of the experience) ?

  • Have we realized it’s a miracle the PSIRT teams survived the experience ?

  • Have we learned the lessons of what happened with log4j ?

  • Are we now prepare when (‘and not if’) a new « vulnerability scary movie » will come back

hack.lu
Salle Europe