[2022 javaone] log4shell where were your bug detection tools

Speaker: Munawar Hafiz


  • We remember Log4Shell
  • Path analysis
  • Deep calls
  • Polymorphism
  • Didn’t blog on this, but OpenRefactory presented about Log4j (felt very commercial). Presented an Apache Commons vulnerability as the “next Log4jShell” (it doesn’t look anywhere near as bad; per this article, it affects a specific API).

My take

This was mostly a commercial for OpenRefactory. I didn’t blog about the commercial parts.
