Equifax has selected Sonatype’s Nexus Platform to monitor the use of its open-source libraries across its network to help prevent another breach.
Equifax’s massive 2017 hack raised an alarm over the use of vulnerable software, but a majority of Fortune 100 companies still haven’t learned the lesson.
Open-source automation firm Sonatype has revealed that in the last six months of 2018, two-thirds of the Fortune 100 companies downloaded a vulnerable version of Apache Struts, the same Java web application framework whose unpatched flaw attackers exploited to steal the personal data of nearly 150 million consumers.
Interestingly, this is happening even though several patched Struts versions have been released since the attack.
However, Sonatype didn’t mention the names of the Fortune 100 firms that had downloaded the vulnerable software. Also, it is not clear what the software was used for, TechCrunch reported.
According to the data shared by Sonatype, more than 18,000 businesses downloaded vulnerable versions of Struts during the said period.
It is worth noting that a House committee investigation late last year concluded that the Equifax breach was “entirely preventable”: the company could have patched its vulnerable servers months earlier, when the fix and the accompanying advisory were released.
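The Sonatype figures above count downloads of known-vulnerable Struts coordinates. The script below, added here as an illustration and not code from Sonatype, Equifax or the Struts project, shows the basic check such dependency-governance tooling performs on a Maven build: inventory the org.apache.struts artifacts declared in a pom.xml (resolving ${property} versions) and flag any version below the patched level for its release branch. The sample pom.xml is constructed, and the minimum safe versions (2.3.32 and 2.5.10.1, the releases that fixed the flaw exploited in the Equifax breach) are an assumption taken from the Apache Struts advisories rather than from this page; a real deployment would load them from current advisory data.

```python
"""Flag vulnerable Apache Struts 2 dependencies declared in a Maven pom.xml.

Added illustration, not Sonatype's, Equifax's or the Struts project's code.
The MIN_SAFE thresholds are an assumption taken from the Apache Struts
advisories (fix releases 2.3.32 and 2.5.10.1); replace them with current
advisory data before relying on this check.
"""
import re
import xml.etree.ElementTree as ET

MAVEN_NS = "{http://maven.apache.org/POM/4.0.0}"

# Minimum version containing the fix, keyed by release branch (assumption).
MIN_SAFE = {
    (2, 3): (2, 3, 32),
    (2, 5): (2, 5, 10, 1),
}
LATEST_FIX = max(MIN_SAFE.values())


def parse_version(v):
    """'2.5.10.1' -> (2, 5, 10, 1); a non-numeric tail such as '-SNAPSHOT' is dropped."""
    parts = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_vulnerable(version):
    """True when a Struts 2 version is below the patched level for its branch.

    Fails closed: an unparsable or missing version is reported as vulnerable,
    and end-of-life branches (2.0.x, 2.1.x, ...) that never received a fix are
    vulnerable as well. Anything newer than the latest known fix is accepted.
    """
    v = parse_version(version)
    if len(v) < 2:
        return True
    branch = v[:2]
    if branch in MIN_SAFE:
        return v < MIN_SAFE[branch]
    return v < LATEST_FIX


def resolve(text, props):
    """Expand ${property} references using the pom's <properties> block."""
    if text is None:
        return None
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), text)


def scan_pom(xml_text):
    """Return [(groupId, artifactId, version, vulnerable)] for every Struts 2 artifact.

    All org.apache.struts 'struts2-*' artifacts are released in lockstep, so the
    same threshold applies to the core jar and to its plugins.
    """
    root = ET.fromstring(xml_text)
    props = {}
    pnode = root.find(f"{MAVEN_NS}properties")
    if pnode is not None:
        for child in pnode:
            props[child.tag.replace(MAVEN_NS, "")] = (child.text or "").strip()
    findings = []
    for dep in root.iter(f"{MAVEN_NS}dependency"):
        gid = dep.findtext(f"{MAVEN_NS}groupId")
        aid = dep.findtext(f"{MAVEN_NS}artifactId") or ""
        ver = resolve(dep.findtext(f"{MAVEN_NS}version"), props)
        if gid == "org.apache.struts" and aid.startswith("struts2-"):
            findings.append((gid, aid, ver, is_vulnerable(ver or "")))
    return findings


# Constructed sample pom.xml: one outdated core jar (via a property) and one
# plugin at a patched version.
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId>
  <artifactId>webapp</artifactId>
  <version>1.0</version>
  <properties>
    <struts.version>2.3.31</struts.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-core</artifactId>
      <version>${struts.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-convention-plugin</artifactId>
      <version>2.5.10.1</version>
    </dependency>
  </dependencies>
</project>
"""

if __name__ == "__main__":
    for gid, aid, ver, bad in scan_pom(SAMPLE_POM):
        print(f"{gid}:{aid}:{ver} -> {'VULNERABLE' if bad else 'ok'}")
```

The check deliberately fails closed: a dependency whose version is inherited from a parent POM or BOM shows up with no version and is reported as vulnerable, which is the correct prompt to resolve the effective POM (for example with `mvn help:effective-pom`) before trusting the result. A download-based count like Sonatype's also includes build caches and transitive pulls, so a declared-dependency scan like this one is the first step toward knowing which of those downloads actually reach production.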
Equifax to deploy Sonatype’s Nexus Platform
Meanwhile, Sonatype announced Tuesday that Equifax has selected its Nexus Platform to monitor the use of the credit agency’s open-source libraries across its network to help prevent another breach.
Bryson Koehler, Chief Technology Officer for Equifax, said that the company is “focused on building security into each software application from the start and enhancing it throughout the development process.”
“Sonatype’s Nexus platform will help provide additional visibility, insight and automated governance of our use of open source throughout the development and operations lifecycle,” he added.