As predicted Log4j is going to be a problem for a long time

The Cyber Safety Review Board is operated by The Department of Homeland Security and in it’s inaugural report the Log4j vulnerability, spread and exploitation is discussed:

CSRB Report on Log4j – Public Report – July 11 2022_508 Compliant (cisa.gov)

It makes interesting reading. I wonder just how many developers do not know about the issue, or understand how it impacts them?

My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.

Further Reading

Log4j and Log4Shell posts at Smart Thinking Solutions

Clive Catton MSc (Cyber Security) – by-line and other articles

Please Note:

I am on leave so the news this week is “in brief”. You can still contact me via the contact page and Octagon Technology.