Log4Shell is a dumpster fire that should have been avoided
On Thursday, December 9, 2021, my young, Minecraft-addicted kids were still completely oblivious of the Log4j vulnerabilities in their favorite game.
The truth is we have no idea how severely attackers have taken advantage of the vulnerabilities in Log4j.
Even the current maintainers of Log4j dislike it and were quick to default it to a disabled state in an update released on Monday, 13 December.
Heartbleed has eerie similarities to the Log4j incident as both were open-source projects, both projects suffered from under-resourcing, and both had become bloated over time.
Just think about the number of billable hours that have been spent on chasing the number of ways the Log4j component has been incorporated in our deliverables, backend systems and in our supply chain.
The old saying goes, "Don't cry over spilt milk." When it comes to Log4j, the cybersecurity industry served a lot of milk in a cracked glass.
News URL
https://www.helpnetsecurity.com/2021/12/23/log4shell-avoided/