Defense One Putin Lost the Digital War Abroad. Will He Lose at Home? “There is always an inherent tension between using cybersecurity for intelligence versus using cybersecurity for attacks,” Tancman said. March 4, 2022 Patrick Tucker
Dark Reading What CISOs Should Tell the Board About Log4j Very few companies have a dedicated, board-level cybersecurity committee, which means cybersecurity isn’t viewed as a critical executive function. February 11, 2022 Liran Tancman
Threatpost Will 2022 Be the Year of the Software Bill of Materials? Liran Tancman, CEO of Rezilion, told Threatpost that after an SBOM is developed, it needs to be maintained and updated… January 18, 2022 Lisa Vaas
The CyberWire Russo-Ukrainian tension and the future of open source software security "Log4j is another example of why code transparency is critical. Log4j shines a spotlight on the need to be able to track code through a Software Bill of Materials (SBOM)." January 14, 2022 The CyberWire Staff
My TechDecisions What Tech Firms Are Saying About The White House’s Open-Source Security Summit “Through transparency, when a vulnerability like Log4J appears, they can more efficiently detect it and remediate it,” Tancman says. “But you cannot remediate what you can’t see – which is why they are pushing for an effective way for security leaders to be able to provide that transparency.” January 14, 2022 Zachary Comeau
CPO Magazine CISA and Other Third Parties Publish Log4j Scanners to detect Log4Shell “Rezilion noted that various Log4j scanners had blindspots and were limited by the detection method, making them less effective.” December 30, 2021 Alicia Hope
The New Stack Log4j Scanner Blindspots “In order to estimate how big the industry’s current blindspot is, Rezilion’s vulnerability research team conducted a survey where multiple… December 30, 2021 Steven J. Vaughan-Nichols
The CyberWire Log4j update: a Federal deadline, Conti sightings, and the scanning challenge In order to estimate how big the industry’s current blindspot is, Rezilion’s vulnerability research team conducted a survey where multiple open source and commercial scanning tools were assessed. December 23, 2021 CyberWire Staff
Cybersecurity Dive US allies call for Log4j vigilance as organizations struggle to detect vulnerabilities Three of the leading web application scanning tools have been unable to fully detect all instances of Log4j because it's nested inside other code, according to a report released this week from Rezilion. December 23, 2021 David Jones