Log4j Forever Changed What (Some) Cyber Pros Think About OSS

siteadmin January 23, 2023

The Apache Software Foundation’s announcement of the Log4Shell bug in the Log4j library set the tech industry on edge. Although fixes were available within two weeks, 25% of Log4j downloads still involve unpatched versions. The rise of open-source software (OSS) has made it difficult for IT professionals to know whether they are using vulnerable code. Security regulators now advocate for software bills of materials (SBOMs), which can help assess risk more accurately.