Log4Shell remains big threat and common cause for security breaches

The Log4Shell vulnerability in the widely used Log4j open-source Java library remains a significant cause of security breaches, despite having had patches issued. Enterprises have been urged to adopt software composition analysis and secure supply chain management practices due to the persistent risks. A report by Cisco’s Talos group predicts Log4j exploitation will remain a challenge until 2023. As of October 2022, 72% of organizations still had assets vulnerable to Log4Shell.