log4j vulnerability – is it a Risk?

by Alan Percy, CMO @TelcoBridges

Plenty of questions this last week about the log4j vulnerability and whether there is any risk within TelcoBridges ProSBC or Tmedia products.

In summary: TelcoBridges does not use log4j in our products, and thus they are not vulnerable to intrusion attacks through log4j.

Read on for more details:

What can we learn from this? One of the great quotes I heard at a security conference many years ago:

“The best part with open-source software: you get the source code. The downside of open-source is: so do the bad guys.”

Case in point: this last year we helped a customer (who asked not to be identified) who had been using OpenSIPS (an open-source SIP server/proxy) for call routing and security. His system was slightly out of date and had a security vulnerability, allowing for registration flood attacks, crippling his network. By moving to ProSBC, the attacks were mitigated, protecting his network and customers.

The development team at TelcoBridges is very selective about including open-source software in our core products, limiting its use to situations where it can be fully protected from intrusion. While this may result in additional development effort, the end result is a product that we know, can maintain, and can trust.

If you take VoIP security seriously, you need to spend some time with the team at TelcoBridges.