
Log4J Makes the Case for SBOM and Reimagined Risk Management

January 11th, 2022



The recent log4j breach is impacting businesses, institutions and Federal agencies far and wide. Because the log4j code is used ubiquitously across applications we use daily, a severe vulnerability in this code allowed cyber actors a trivial path to take control of unpatched servers around the world.

GDIT’s Chief Information Security Officer Michael Baker talked about log4j’s impact and the lengths to which GDIT is going to support our customers in the wake of what the U.S. Cybersecurity and Infrastructure Security Agency director and The Washington Post called “the most serious security breach ever.”

“There is a lot of attention – rightfully so – focused on this,” he said. “We’re working at GDIT on a strategy to get us back to good as quick as humanly possible. The day-to-day here is making sure that the different parts of the organization are operating effectively and working together to realize speed to remediation for us and our customers.”

“This is the event that we in the cyber and SBOM (Software Bill of Materials) community has been looking at as a really significant event,” he said. “When Biden came out with the SBOM in the Executive Order it was aggressive, but it was necessary,” he said, and this shows why.

“We all think about how we use and consume open-source software,” he continued. “In the absence of limiting our ability to conduct business, we must have hard discussions around open source and freeware software – but it’s not like that’s the only place where the problem exists. It exists in off the shelf software as well. Risk is risk is risk; you accept it, you buy it down or you transfer it.”
