Software Integrity Blog

Author Archive

Christopher Fearon


Focusing on delivering maximum security & customer value, Christopher is dedicated to redefining Open Source Software vulnerability disclosure & management processes. With multiple years of experience in large financial and private sector security roles, Christopher has developed both security leadership and expertise in the areas of application security, incident response & strategic research planning, including the adoption and effective implementation of Open Source software.


Posts by Christopher Fearon:

 

Apache Struts research at scale, Part 1: Building 115 versions of Struts

When our research findings from CVE-2018-11776 prompted us to research other vulnerabilities, the first step was building 115 versions of Apache Struts.


Posted in Software Security Research

 

Examining Apache Struts remote code execution vulnerabilities

Apache published details of CVE-2017-12611, the fourth critical Apache Struts remote code execution vulnerability in 2017, the day Equifax announced the breach.


Posted in Data Breach Security, Open Source Security, Software Architecture & Design