Critical New 0-day Vulnerability in Popular Log4j Library Discovered | Read Blog

Security Processes at the Apache Software Foundation (video and podcast)

September 15, 2017 By Mark Miller

In our continuing series on the Struts2 vulnerability announcement and the breach at Equifax, we spoke with Mark Thomas, Director, Apache Software Foundation, and Brian Fox, CTO, Sonatype to clarify the processes ASF goes through when a vulnerability is found within one of their projects.

If you don't have access to YouTube, you can listen to the podcast.

About Mark Thomas
Mark is currently employed by Pivotal where he spends most of his time working on Apache Tomcat. At the Apache Software Foundation, Mark is a committer and PMC member for Apache Tomcat as well as other projects. At the foundation level he is an ASF member, a member of the security and trademarks committees, is an infrastructure volunteer and a Director. Mark speaks regularly on Apache Tomcat including at ApacheCon.

Tags: Struts, Application Security, Apache Struts2, asf, apache software foundation

Written by Mark Miller

Mark Miller serves as the Senior Storyteller and DevOps Advocate at Sonatype. He speaks and writes extensively on DevSecOps and Security, hosting panel discussions, podcasts, and webinars on tools and processes within the Software Supply Chain.