The timeline of the Equifax breach shows that the attack started around two months after the vulnerability was disclosed and Apache made the patch available. That means the vulnerability could have been eliminated with a patch long before the attack.
The real problem is that it takes enterprises much longer to mitigate vulnerabilities than it takes hackers to start exploiting them. This is not an isolated case. Just remember the consequences of the WannaCry attacks back in May 2017. These examples show that we continue to leave a wide-open window of opportunity for hackers.
Open source components like Apache Struts are widely adopted by developers of commercial and in-house applications. This makes them a popular target for hackers. Organizations that aren’t aware of the components they’re using or don’t track software vulnerabilities put themselves and their customers at risk.
Flexera's FlexNet Code Insight provides a complete Bill of Materials (BOM) for open source and third-party components in your code, and alerts you to OSS vulnerabilities.
Flexera's Software Vulnerability Manager delivers vulnerability intelligence, assessment and remediation.
These tools are key to reducing risk effectively by closing the window of opportunity for hackers.