How do you make your customers feel safe from the log4j vulnerability?
(a) Say nothing
(b) Disclose.
I hate to pitch any company, other than mine, obviously, but AWS has done a "Good Thing" (TM) by publishing their activities.
At a minimum,
1. Please have a security page or blog
2. Tell people you are tracking log4j vulnerabilities
3. Tell people you have no direct log4j vulnerabilities OR you have mitigated the issues
4. Tell people you will keep them informed if there are any new developments.