Lessons Learned: The Log4J Vulnerability 12 Months On

Over a year since the discovery of the Log4Shell vulnerability affecting the Apache Log4j library, 30-40% of Log4j downloads are still of the vulnerable version. Despite warnings from cybersecurity agencies and the rapid release of a patch, the bug continues to be exploited. It’s underscored the importance of securing the software supply chain and practising good security hygiene. Experts recommend reviewing all installations of Log4j, even deeper within networks, and maintaining constant oversight of the software and code being used.