Apache Software Foundation President David Nalley on Tuesday told the Senate Homeland Security & Government Affairs Committee it could take months, or even years, to fully eliminate the Log4j ...

Software testing is notoriously hard. Search Google for CVEs caused by basic CRLF (newline character) issues and you'll see thousands of entries. Humanity has put a man on the moon, but we still haven ...

The log4j vulnerability is a cybersecurity loop-hole that exploits a small, nearly ubiquitous piece of software called log4j, which is used for recording the activities of various computer programs.

Ongoing vulnerable Log4j downloads suggest the supply chain crisis wasn't the wake-up call it should have been.

Community driven content discussing all aspects of software development from DevOps to design patterns. In case you’ve been hiding under a rock – or perhaps hiding from endless yelping about security ...

Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now Out of all the vulnerabilities discovered ...

Iran-based threat actor MuddyWater (tracked by Microsoft as MERCURY) has been leveraging the exploitation of Log4j 2 vulnerabilities in SysAid applications to target organizations in Israel. The news ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released the first report of the Cyber Safety Review Board (CSRB), formed in February as directed under President Biden’s May 2021 ...

There’s a great cartoon that sums up the state of modern software. Titled “Dependency,” it shows a mass of digital infrastructure teetering on one small piece of open-source code. The image is ...

Three months after the Apache Foundation disclosed the infamous Lo4j vulnerability [CVE-2021-44228] and issued a fix for it, more than 4 in 10 downloads of the logging tool from the Maven Central Java ...

The close of 2021 brought to light one of the biggest security vulnerabilities that cyber practitioners have seen in some time. I’m talking, of course, about Log4j, or Log4Shell as it’s otherwise ...