It’s the Log4Shell anniversary. Somehow, about a third of Log4j downloads are still of the vulnerable version. Why is that? And what is the IT industry doing wrong? What can organisations do?
The Log4j vulnerability, one year later, shines a light on a lack of open source governance and visibility that still needs addressing across many organisations. This issue isn’t going away, and if it isn’t Log4j, it will be something else if companies don’t get their software supply chains in shape.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.