Amit Shah is the director of product marketing at Dynatrace and one of the people who discovered the Log4j vulnerability early on. Shah has worked on product marketing teams at companies such as Splunk and PayPal after graduating from UC Berkeley with an undergraduate degree in electrical engineering and computer science and earning an MBA from Cornell. Today's episode dives into vulnerabilities.
Log4Shell is a software vulnerability in Apache Log4j 2, a popular and well-known Java library for logging error messages in applications. It is a known vulnerability with a severity rating of 10. Several patches had been released by the time it was discovered, one of which did not work so well. What makes it so dangerous is that Log4j is virtually everywhere, from Amazon Web Services all the way to VMware, with a whole host of dependencies among the affected platforms and services that makes patching a nightmare.
It gives attackers complete control over any internet-connected service that uses the Log4j library anywhere in the software stack. Shah weighs in on how he discovered it and how he deals with it:
In this episode of Cybersecurity Unplugged, Shah also discusses:
- The questions that arise from the Log4j vulnerability;
- Challenges around the proper configuration and software supply chain;
- The exposure of energy companies to power supply disruptions affecting millions of customers;
- The need for cybersecurity education.