DHS Review Board Deems Log4j an ‘Endemic’ Cyber Threat

The US Department of Homeland Security’s Cyber Safety Review Board (CSRB) has warned that the Apache Log4j vulnerability will pose a major threat to organisations for at least a decade. The CSRB has called on federal agencies to aid open-source security, which is currently under-resourced, and has issued 19 recommendations for mitigating Log4j and other similar risks. This was CSRB’s first mission since its establishment in February 2022 and it urged more coordinated action on open-source security.