Rapid7: Mike Hanley of GitHub on the Log4j Vulnerability

In our first episode of Security Nation Season 5, Jen and Tod chat with Mike Hanley, Chief Security Officer at GitHub, all about the major vulnerability in Apache's Log4j logging library (aka Log4Shell). Mike talks about the ins and outs of GitHub's response to this blockbuster vulnerability and what could have helped the industry deal with an issue of this massive scope more effectively (hint: he drops the SBOM). They also touch on GitHub's updated policy on the sharing of exploits.

Stick around for our Rapid Rundown, where Tod and Jen talk about Microsoft's release of emergency fixes for Windows Server and VPN over Martin Luther King Day weekend.

Mike Hanley is the Chief Security Officer at GitHub. Prior to GitHub, Mike was the Vice President of Security at Duo Security, where he built and led the security research, development, and operations functions. After Duo's acquisition by Cisco for $2.35 billion in 2018, Mike led the transformation of Cisco's cloud security framework and later served as CISO for the company. Mike also spent several years at CERT/CC as a Senior Member of the Technical Staff and security researcher focused on applied R&D programs for the US Department of Defense and the Intelligence Community.

When he's not talking about security at GitHub, Mike can be found enjoying Ann Arbor, MI with his wife and seven kids.

Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor, like Apple Podcasts.

Disclaimer

Rapid7 Inc. published this content on 19 January 2022 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 19 January 2022 21:55:19 UTC.