Open Source & More - Blog | Tidelift

You're invited: Log4Shell, open source maintenance, and why SBOMs are critical now

Written by Amy Hays | March 1, 2022

Did you or your development team lose nights, weekends, or holidays when the Log4Shell vulnerability (CVE-2021-44228) broke over the 2021 holiday season? You weren't alone: Log4j is a ubiquitous, long-lived Java logging component that hard-working volunteer maintainers have kept going for over 20 years. When we worked closely with our customers to remediate the vulnerability, we observed that every single one of them had been using Log4j.

The good news in all of this, though? Log4Shell provides a great learning moment for anyone building applications with open source software.

Join Tidelift CEO and co-founder Donald Fisher and guest speaker Forrester Principal Analyst Sandy Carielli on March 8 at 1 p.m. ET as they discuss the key lessons organizations can take from Log4Shell, along with concrete recommendations to help you prepare for the next incident of this kind.

Sandy and Donald will talk about how enterprise organizations should:

  • Use software bills of materials to better understand and manage their open source software supply chain
  • Improve their visibility into the open source components they use and the transitive dependencies those components pull in
  • Invest in proactive open source maintenance so their teams are ready to mitigate future vulnerabilities quickly
  • Consider the role open source maintainers play in risk planning and mitigation
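As an added example (not code from Tidelift or from this post), here is the kind of question an SBOM should let you answer in minutes rather than over a lost weekend: is log4j-core in this application at all, and which of our direct dependencies brought it in? The SBOM below is a constructed CycloneDX 1.4 document for a hypothetical "orders-service"; every component except log4j-core and log4j-api is made up, and the dependency graph is walked from the application's own component record.

```python
"""Find every path from an application to a given Maven artifact in a CycloneDX SBOM.

Added example, not part of the original post. The BOM is constructed for
illustration; only the log4j-core / log4j-api coordinates are real artifacts.
"""
import json
from typing import Dict, List

# Constructed CycloneDX 1.4 JSON (not a real project's BOM). The application
# never declares log4j directly; it inherits it through a hypothetical
# "reporting-lib", which is the situation most teams found themselves in.
SAMPLE_SBOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "metadata": {"component": {"bom-ref": "app", "name": "orders-service", "version": "3.2.0"}},
  "components": [
    {"bom-ref": "web-fw", "group": "com.example", "name": "web-framework", "version": "5.1.0",
     "purl": "pkg:maven/com.example/web-framework@5.1.0"},
    {"bom-ref": "reporting-lib", "group": "com.example", "name": "reporting-lib", "version": "1.4.2",
     "purl": "pkg:maven/com.example/reporting-lib@1.4.2"},
    {"bom-ref": "json-lib", "group": "com.example", "name": "json-lib", "version": "2.12.5",
     "purl": "pkg:maven/com.example/json-lib@2.12.5"},
    {"bom-ref": "log4j-core", "group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.14.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
    {"bom-ref": "log4j-api", "group": "org.apache.logging.log4j", "name": "log4j-api", "version": "2.14.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-api@2.14.1"}
  ],
  "dependencies": [
    {"ref": "app", "dependsOn": ["web-fw", "reporting-lib"]},
    {"ref": "web-fw", "dependsOn": ["json-lib"]},
    {"ref": "reporting-lib", "dependsOn": ["log4j-core", "json-lib"]},
    {"ref": "log4j-core", "dependsOn": ["log4j-api"]},
    {"ref": "json-lib", "dependsOn": []},
    {"ref": "log4j-api", "dependsOn": []}
  ]
}
""")


def dependency_graph(sbom: dict) -> Dict[str, List[str]]:
    """Map each bom-ref to the bom-refs it depends on (CycloneDX 'dependencies' array)."""
    return {d["ref"]: list(d.get("dependsOn", [])) for d in sbom.get("dependencies", [])}


def components_by_ref(sbom: dict) -> Dict[str, dict]:
    """Map bom-ref to component record, including the application's own metadata component."""
    refs = {c["bom-ref"]: c for c in sbom.get("components", [])}
    root = sbom.get("metadata", {}).get("component")
    if root is not None:
        refs[root["bom-ref"]] = root
    return refs


def find_paths(sbom: dict, group: str, name: str) -> List[List[str]]:
    """Return every path (as 'name@version' labels) from the root component to
    any component with the given Maven group and artifact name."""
    graph = dependency_graph(sbom)
    comps = components_by_ref(sbom)
    root = sbom["metadata"]["component"]["bom-ref"]
    targets = {ref for ref, c in comps.items() if c.get("group") == group and c.get("name") == name}

    def label(ref: str) -> str:
        c = comps.get(ref, {"name": ref})
        return f"{c['name']}@{c.get('version', '?')}"

    paths: List[List[str]] = []

    def walk(ref: str, trail: List[str], seen: set) -> None:
        if ref in targets:
            paths.append([label(r) for r in trail])
            return  # stop at the target; its own dependencies are not the question
        for child in graph.get(ref, []):
            if child in seen:  # guard against cycles in a malformed BOM
                continue
            walk(child, trail + [child], seen | {child})

    walk(root, [root], {root})
    return paths


def how_included(sbom: dict, group: str, name: str) -> str:
    """'absent', 'direct' (declared by the app itself) or 'transitive' (only via other components)."""
    paths = find_paths(sbom, group, name)
    if not paths:
        return "absent"
    return "direct" if any(len(p) == 2 for p in paths) else "transitive"


if __name__ == "__main__":
    for path in find_paths(SAMPLE_SBOM, "org.apache.logging.log4j", "log4j-core"):
        print(" -> ".join(path))
    print(how_included(SAMPLE_SBOM, "org.apache.logging.log4j", "log4j-core"))
```

The point of returning whole paths rather than a yes/no is triage: the second element of each path is the direct dependency you have to upgrade, replace, or pressure upstream about, and a BOM without a `dependencies` graph cannot tell you that.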

You won’t want to miss this. RSVP below: