Fear, panic and Log4j: One year later

A year after the disclosure of the critical Apache Log4j vulnerability, known as Log4Shell, the flaw still threatens US cybersecurity. The vulnerability allows hackers to gain control over applications with a single line of code and has been used to target US agencies, critical infrastructure, and other organisations. Despite remediation efforts, around 2.5% of assets remain vulnerable. The crisis has led to an increased focus on the open-source software supply chain and on the importance of greater transparency and automation.