One Year After Log4Shell, Most Firms Are Still Exposed to Attack

Despite fewer attacks than anticipated, the Log4j vulnerability remains a major concern a year after its revelation. Many systems still remain unpatched, with about 72% of organizations found to be vulnerable as of October 2021, according to Tenable. Furthermore, organizations often find the flaw is reintroduced as they add new infrastructure. However, experts suggest the high-profile vulnerability has raised awareness on software composition analysis and the necessity of visibility into all codebase components.