Spring4Shell – By the numbers

By Ilkka Turunen on April 04, 2022 component vulnerability

6 minute read time

Spring4Shell, a new 0-day RCE, is not quite as bad as Log4Shell but has a wide blast radius. We dive into the numbers on how the world is fixing the issue.

Fooled twice by the same open source problem? Shame on you. The data behind CVE-2017-8046.

By Brian Fox on March 07, 2018 known vulnerability

2 minute read time

Organizations keep software applications safe, not by chance, but by preparation.

What you should know about the latest Struts2 Vulnerability (video and podcast)

By Mark Miller on September 08, 2017 OSS governance

1 minute read time

What you should know about the recent Struts 2 vulnerability announcements from September 2018