In our first episode of Security Nation Season 5, Jen and Tod chat with Mike Hanley, Chief Security Officer at GitHub, all about the major vulnerability in Apache's Log4j logging library (aka Log4Shell). Mike talks about the ins and outs of GitHub's response to this blockbuster vulnerability and what could have helped the industry deal with an issue of this massive scope more effectively (hint: he drops the SBOM). They also touch on GitHub's updated policy on the sharing of exploits.

Stick around for our Rapid Rundown, where Tod and Jen talk about Microsoft's release of emergency fixes for Windows Server and VPN over Martin Luther King Day weekend.

Mike Hanley

Mike Hanley is the Chief Security Officer at GitHub. Prior to GitHub, Mike was the Vice President of Security at Duo Security, where he built and led the security research, development, and operations functions. After Duo's acquisition by Cisco for $2.35 billion in 2018, Mike led the transformation of Cisco's cloud security framework and later served as CISO for the company. Mike also spent several years at CERT/CC as a Senior Member of the Technical Staff and security researcher focused on applied R&D programs for the US Department of Defense and the Intelligence Community.

When he's not talking about security at GitHub, Mike can be found enjoying Ann Arbor, MI with his wife and seven kids.

Show notes

Interview links

  • Read GitHub's blog on the Log4j vulnerability, and the follow-up.
  • Check out GitHub's Dependabot.
  • Find out Why Johnny Can't Encrypt.
  • Learn about GitHub's Sponsor Program.
  • Read about the work going on at OpenSSF.
  • Delve into Mike's blog post on GitHub's exploit code policy.

Rapid Rundown links

  • Get the info on Microsoft's emergency fixes for Windows Server and VPN bugs.

Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor, like Apple Podcasts.

Disclaimer

Rapid7 Inc. published this content on 19 January 2022 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 19 January 2022 21:55:19 UTC.