DHS Review Board Deems Log4j an ‘Endemic’ Cyber Threat

The US Department of Homeland Security’s Cyber Safety Review Board (CSRB) warns that the Apache Log4j vulnerability is a significant risk to organizations and will remain so for the next decade or longer. The CSRB report maintains that open-source code is inadequately resourced for security and requires broad assistance from both the private and public sectors. The CSRB suggests establishing protocols to prevent the use of vulnerable Log4j versions and maintaining an accurate inventory of IT assets. Experts have expressed the need for more coordinated efforts in open-source security.