Fear, panic and Log4j: One year later

A year after the critical Apache Log4j vulnerability was first exposed, US software supply chains remain at risk, with the situation regarded as a long-term threat. The vulnerability has enabled threat actors from home and abroad to target key US entities. With Log4j’s software still deeply rooted into global systems, the industry is only in the early stages of containing the fallout.