Almost 2 years after log4j .. if your PSIRT has survived, Are the Lessons learned or not learned on security incident & vulnerability management ?
10-19, 09:30–09:55 (Europe/Luxembourg), Salle Europe

In Dec 2021, the media and public discovered the “famous” log4j vulnerability.
They realized that for every product or website using software or shared libraries and components , these products can become vulnerable to cyber attack.

Companies in technology sector producing «software » had to face the same « disease or scary movie ». A small library used everywhere has damaged almost all software & websites.

At this time a part of companies believed they were prepared with a PSIRT or a CSIRT or a CERT, the other part had to “improvise, resolve and learn”

Today’s main « key » questions which seems of interest:

  • Do we all remember (good and bad parts of the experience) ?

  • Have we realized it’s a miracle the PSIRT teams survived the experience ?

  • Have we learned the lessons of what happened with log4j ?

  • Are we now prepare when (‘and not if’) a new « vulnerability scary movie » will come back

In this talk we will try to:

** Review the theory and framework for security operation (detect/respond/recover & lessons learned) in real case scenario log4j

** Highlight that in security incident management :

  • PSIRT (when it exists) is not a magic team or heroes

  • Full recovery takes time

** Admit that there are no other choices than

  • Shift Left (SSDLC)
  • Involve the management and accountable players (CMDB, SBOM, BCP)
  • Collectively align our incident response and vulnerability management approaches and forces
See also:

Senior Security Engineer in SecOps and Incident Response (PSIRT) in Thales since several years with operational and practical knowledge in audit, vulnerability management , incident response, customer support, system integration.
Active contributor to standardization security working groups and information sharing communities