How open source vulnerabilities can compromise your software

How open source vulnerabilities can compromise your software with Cycode | The Big Dev Theory | S1 | Ep.3

Stuart Clark
Amazon Employee
Published Jan 24, 2023
Last Modified Apr 18, 2024
In this episode of The Big Dev Theory on Twitch, we explore the steps necessary to build a secure CI/CD flow for a Java program with a vulnerable Log4j version. Our guest is Alex Ilgayev, Head of Security Research at Cycode, who begins by constructing a simple exploit in the Kubernetes cluster and demonstrating the potential consequences. We then examine how to update the version of Log4j through basic Static Code Analysis capabilities in the source code, thereby solving the issue. Finally, the episode demonstrates how to deploy a non-vulnerable version to the cloud.
Each episode, we chat with AWS partners and bring experts with specialized knowledge in various areas of technology to provide informative and engaging live streams that help developers stay up-to-date with the latest trends and tools.


Stuart Clark, Senior Developer Advocate @ AWS
Du'An Lightfoot, Senior Developer Advocate @ AWS

What is The Big Dev Theory?

The Big Dev Theory is a live stream broadcast every week on the AWS Twitch channel. Our live streams are designed to help developers learn about the advantages of our partner technologies and AWS. These events provide developers with the opportunity to learn from some of the top minds in the industry and connect with other developers who are working on similar projects. A key part of its mission is to help developers build and innovate with confidence.

Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.