(Image: Pixabay CC0)
An innovative new collaboration between EPFL's HexHive Laboratory and Oracle has developed automated, far-reaching technology in the ongoing battle between IT security managers and attackers, hoping to find bugs before the hackers do.

On the 9th of December 2021 the world of IT security went into a state of shock. Before its developers even knew it, the log4j application - part of the Apache suite used on most web servers - was being exploited by hackers, allowing them to take control of servers and data centers all over the world. The Wall Street Journal reported news that nobody wanted to hear: "U.S. officials say hundreds of millions of devices are at risk. Hackers could use the bug to steal data, install malware or take control."

93% of the world's cloud services affected

One estimate stated that the vulnerability affected 93% of enterprise cloud environments. At EPFL, all IT administrators were sent instructions to patch their server software immediately. Even Oracle Corporation, world leaders in information security, had to send out a distress call: "Due to the severity of this vulnerability and the publication of exploit code on various sites, Oracle strongly recommends that customers apply the updates provided by our Security Alert as soon as possible."

Victims of the log4j bug included the Belgian Ministry of Defence, the UK's National Health Service and a range of financial trading platforms. So, what have corporations like Oracle done to try to prevent an incident like this occurring again?