The 7 Stages of DevSecOps 0-day grief

The past 2-weeks have been pretty crazy for those in the security industry. The Log4j vulnerability has broad-reaching impact. Scott Crawford, Head of Research at 451 had a good post on LinkedIn. Here's an excerpt.

Last December, the technology world was shaken by one of the most wide-ranging attack campaigns to date. A year almost to the day later, it’s now racing to remediate one of the most pervasive vulnerabilities ever seen. In between, a continuing series of high-profile incidents have accelerated the valuation of a number of cybersecurity technology providers to stratospheric heights. What more could 2022 possibly bring?

The vuln is going to be a part of the narrative for months to come. People will be sitting around lobbycon's of security conferences for years talking about their Log4j war stories.

I saw a tweet from friend and hacker, d0nut, on twitter.

I’ve spent so much time digging into Log4J the last couple of days that it has officially entered my dreams.

As an aside, I’ve got a new bypass idea lol.

— d0nut (@d0nutptr) December 14, 2021

Which inspired me to create "The 7 Stages of DevSecOps 0-day Grief" and tweet it. Much of humor is based in some pain or truth. Enjoy and, thanks to the blue teamers securing our world. 👊