From the Fall 2017 Issue

16 Tons of Technical Debt: An Operational Perspective on Security Automation

J.C. Herz
COO | Ion Channel

In September of 2017, Equifax announced that extremely sensitive data, including social security numbers and driver’s license information, had been exfiltrated by hackers via the Apache Struts framework used to develop the credit rater’s website – a framework that powers thousands of large enterprises’ websites as well. Given the scope of the damage enabled by criminal possession of the data, the potential consequences to consumers and banks, and the costs of remediation, are staggering. What’s tragic is that the same attack method used to exploit this vulnerability as a zero-day could also be used to exploit a . . .

Leave a Comment