Rezilion in the Press

“There is always an inherent tension between using cybersecurity for intelligence versus using cybersecurity for attacks,” Tancman said. 

Very few companies have a dedicated, board-level cybersecurity committee, which means cybersecurity isn’t viewed as a critical executive function.

Liran Tancman, CEO of Rezilion, told Threatpost that after an SBOM is developed, it needs to be maintained and updated…

"Log4j is another example of why code transparency is critical. Log4j shines a spotlight on the need to be able to track code through a Software Bill of Materials (SBOM)."

“Through transparency, when a vulnerability like Log4J appears, they can more efficiently detect it and remediate it,” Tancman says. “But you cannot remediate what you can’t see – which is why they are pushing for an effective way for security leaders to be able to provide that transparency.

“Rezilion noted that various Log4j scanners had blindspots and were limited by the detection, method making them less effective.”

“In order to estimate how big the industry’s current blindspot is Rezilion’s vulnerability research team conducted a survey where multiple…

In order to estimate how big the industry’s current blindspot is Rezilion’s vulnerability research team conducted a survey where multiple open source and commercial scanning tools were assessed.

Three of the leading web application scanning tools have been unable to fully detect all instances of Log4j because its nested inside other code, according to report released this week from Rezilion.