With 40% of Log4j Downloads Still Vulnerable, Security Retrofitting Needs to Be a Full-Time Job
Security Intelligence, February 24th, 2023
Vulnerabilities like Log4j remain responsible for security breaches a full year after the discovery of the flaw. In the months after widespread reporting about the vulnerability, 40% of Log4j downloads remained vulnerable to exploitation.
What made this exposure so damaging was how widespread this piece of code is and how hard it is to find exactly where it's used. This open-source logging code from Apache was the most popular Java logging library, clocking in at over 400,000 downloads from GitHub.