Threat Post

Java Code Repository Riddled with Hidden Log4j Bugs; Here’s Where to Look

There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits. There’s an enormous amount of software vulnerable to ...
VentureBeat

How to detect whether you have the Log4j2 vulnerability

Join the event trusted by enterprise leaders for nearly two decades. VB Transform brings together the people building real enterprise AI strategy. Learn more Editor’s Note: Additional information has ...
Dark Reading

Log4j Highlights Need for Better Handle on Software Dependencies

It's a new year and the cybersecurity community now faces the long-term consequences of yet another software supply chain security nightmare. After a year full of application security zero-day fallout ...
ZDNet

Log4j flaw hunt shows how complicated the software supply chain really is

Open-source software is everywhere now, but the Log4j flaw that affects Java enterprise applications is a reminder of what can go wrong in the complicated modern software supply chain. The challenge ...
InfoWorld

How to detect the Log4j vulnerability in your applications

A bug in the ubiquitous Log4j library can allow an attacker to execute arbitrary code on any system that uses Log4j to write logs. Does yours? Yesterday the Apache Foundation released an emergency ...
TheServerSide

Lessons learned from the Log4j vulnerability

Community driven content discussing all aspects of software development from DevOps to design patterns. In case you’ve been hiding under a rock – or perhaps hiding from endless yelping about security ...
TechRepublic

Log4j postmortem: Developers are taking a hard look at software supply-chain security gaps

Log4j postmortem: Developers are taking a hard look at software supply-chain security gaps Your email has been sent With so many security and developer teams doing postmortems on the Log4j security ...