Log4Shell remains a big threat and a common cause of security breaches

A year after it was discovered, the Log4Shell vulnerability remains a common target for hackers, highlighting the risks posed by flaws in transitive software dependencies and the need for software composition analysis and secure supply chain practices. Despite the release of patches, the vulnerable component's extensive usage and its embedding in larger systems make addressing the vulnerability challenging. As a result, up to 72% of organizations still had assets vulnerable to Log4Shell by October 2022, often seeing the vulnerability recur even after initial remediation.