As we are all aware by now, the Apache Log4j vulnerability shook the industry last December and created much chaos, which we are still witnessing today. Tim Mackey, Principal Security Strategist with the Synopsys Cybersecurity Research Centre, answers some tough questions on the aftermath of Log4j and its repercussions:
- Are we seeing the end of the era of open source?
- Should there be a commercial replacement to protect companies from security implications after Log4j?
- What kind of governance should be put in place, if any, to help identify and mitigate vulnerabilities sooner rather than later?
- Should better incentives be introduced to encourage the detection of vulnerabilities in OSS? Are there other incentives apart from financial ones?