Log4j Forever Changed What (Some) Cyber Pros Think About Open-Source Software (OSS)
Security Intelligence, January 23rd, 2023
In late 2021, the Apache Software Foundation disclosed a vulnerability that set off a panic across the global tech industry.
The bug, known as Log4Shell, was found in the ubiquitous open-source logging library Log4j, and it exposed a huge swath of applications and services.
Nearly everything, from popular consumer and enterprise platforms to critical infrastructure and IoT devices, was exposed. Over 35,000 Java packages were impacted by Log4j vulnerabilities. That's over 8% of the Maven Central repository, the world's largest Java package repository.