One Year After Log4Shell, Most Firms Are Still Exposed to Attack

siteadmin December 1, 2022

The Log4j vulnerability is still a significant threat to enterprise organizations a year after its disclosure, despite fewer public attacks than expected. Around 64% of Java applications use Log4j, and many remain unpatched against the flaw, as do an estimated 72% of businesses. The ease with which the flaw can be reintroduced into environments and the difficulty of locating it within organizations underline the enduring threat. However, the issue has increased awareness of practices like software composition analysis and software bills of materials.