
How can business leaders protect against software vulnerabilities such as Log4Shell?

Posted By sme-admin on February 14, 2022 Finance, Technology

Last December, the British government revealed that 2021 was a record year for tech investment in the country, with £29.4 billion pledged in British tech. This figure marked a 2.3x increase on 2020, which is the largest year-on-year growth since 2013/14. The industry is booming, with the UK storming ahead of European rivals – second-place Germany received less than half of the UK’s funds at £14.7 billion. It is therefore a key time for investors to tighten up their investments and ensure that these new tech-driven assets are safe and secure from day one. Guillaume Acard, CTO at Vaultinum, provides some insight for SMEToday’s readers.

When investing in tech, encountering open-source software (OSS) is almost a given. According to data from Open UK, 89% of companies are running OSS for their day-to-day operations, with OSS contributing £46.5bn to UK business as a whole in 2020. OSS therefore offers many benefits, both to individual businesses and the national and global economies. But what are the potential risks, and how can they be mitigated?

Defining OSS and its deployment in enterprise

OSS is a type of software that is created by a community of developers operating on shared values of collaboration. As such, OSS code can be inspected, copied, modified, and redistributed relatively freely by developers, allowing them the liberty to adapt and rewrite sections of any given programme.

The development and usage of OSS within businesses is booming. Half of all contributors on GitHub, the popular software development hosting site, say that they are mostly writing code as part of their role within a private company, rather than doing so as a student or for a hobby. There is good reason for this: OSS provides a strong alternative to using application software or writing all code in-house. Open-source code tends to have a lower rate of obsolescence, as the community can work as a hive mind for any required updates or bug fixes. OSS can also be cheaper overall, as it allows businesses to take advantage of pre-existing code rather than writing everything from scratch. The community also provides strong talent opportunities for businesses that want to cut costs and work with freelancers from time to time, or to plug a hiring gap.

Spotlight on Log4Shell: Avoiding cyber vulnerabilities

There are nevertheless some significant risks with using OSS which, if not appropriately mitigated, could cause devastating financial and reputational damage. As open-source code is external to the organisation, vulnerabilities can arise at any time, which can have a knock-on effect on business operations. The recent vulnerabilities in the popular open-source logging framework Log4j are an excellent example of the potential dangers that can be associated with OSS.

Log4j, which is used ubiquitously in enterprise software, allows software developers to log data within their applications. A vulnerability in the logger that allows attackers to control vulnerable devices was made public knowledge in early December 2021, having existed undetected since 2013. Hackers take advantage of the vulnerability to gain remote control over victims’ computers for a variety of purposes, such as sending spam, cryptocurrency mining, and ransomware attacks. Once the vulnerability was made public knowledge, cyber security group Check Point saw more than 100 attacks per minute.

The Apache Software Foundation, an American non-profit corporation which supports a variety of OSS projects including Log4j, gave the vulnerability a severity rating of 10, the highest available score. Big names in the tech industry were affected, with Microsoft, Amazon, and Google Cloud data all reported to be potentially vulnerable to attack. Some have gone as far as to say that the Log4Shell incident is the most critical vulnerability ever, citing its severity, simplicity, and pervasiveness as an explanation for this. The incident certainly demonstrates that companies have a hyper-dependency on open-source code, meaning that in-house developers must be more proactive in regularly checking for known flaws in code and fixing their overall code base accordingly.

How can businesses avoid such risks in the future?

One way that developers can assess and identify the risks in code is to deploy tech due diligence software. These tools can help to manage the usage of open-source code in broader in-house developed code bases, identifying the terms of their licenses and checking for any public active vulnerabilities, as well as updates to open-source software. In this case, tech due diligence tools would be able to identify which environments are currently exposed to the Log4Shell vulnerability, so that developers can quickly patch them up where necessary and check for updates to other software and source code within their system.

Having software due diligence tools in place and regularly auditing software is not commonplace across many businesses, particularly for startups and SMEs. However, in situations like this, it can be a lifeline in helping to keep software risk-free and raising an alert to potential vulnerabilities that your software could be exposed to. Another option is for businesses to place their trust in a third party specialised in the protection and audit of digital assets. One such company, Vaultinum, carries out comprehensive software due diligence to protect your investment.

While tech due diligence tools won’t be able to anticipate vulnerabilities that are not yet widely known, companies may not even realise that they are exposed to existing bugs in their code, which is why checking software regularly must become a common practice among developers.
