Struts2 Vulnerabilities: Who Is Responsible? (Video and Podcast)

September 14, 2017 By Mark Miller

1 minute read time

Update: This article was originally published on September 14, 2017. The same day, Kevin McGrail published an article on LinkedIn, Act II: Equifax tries and fails to throw Apache Struts under the Bus, where he, too, talks about how commercial companies might consider contributing financially to open source projects.

With the acknowledgement by Equifax that the massive breach of over 143 million customer records was caused by an unpatched vulnerability in Struts2, we try and slow down a bit to talk about who is responsible for this, the creators of the open source solutions or the people who use them. In this broadcast, we speak with David Blevins, CEO of TomiTribe and Brian Fox, CTO of Sonatype.

If you can't view YouTube videos, you can listen to the entire podcast, Struts2 Vulnerabilities: Who Is Responsible on the OWASP 24/7 Podcast Channel.

Written by Mark Miller

Mark Miller serves as the Senior Storyteller and DevOps Advocate at Sonatype. He speaks and writes extensively on DevSecOps and Security, hosting panel discussions, podcasts, and webinars on tools and processes within the Software Supply Chain.

Explore All Posts by Mark Miller

Struts2 Vulnerabilities: Who Is Responsible? (Video and Podcast)

Get Sonatype Blog Digest

Subscribe for all the latest software security news and events