It’s been a hot minute since my last post here so I decided to drop some text and an update. As a cloud security architect I’ve been working with my colleagues around the world on a number of recent events.
It started with the Log4Shell vulnerability. We worked through a number of sleepless nights to ensure we were not affected by the vulnerability and then patched the few instances where third-party products used the affected versions. In addition to the analysis and patching (actually rebuilding, no need for patching anymore), we developed a number of new tools and employed a number of open source products to identify our software bill of materials (SBOM). We settled on Syft to scan our containers and images, building a constantly updated SBOM.
Now we are dealing with the effects of the Russian invasion of Ukraine. The Shields Up program is prompting us to redouble our efforts to protect our product.