Security leaders want legal action for failing to patch for Log4j
2022-03-02 05:00

The recently identified vulnerability in the Log4j Java logging package has created headaches for security professionals around the world.

The Log4j vulnerability reduced security professionals' trust in open-source tools.

The most commonly experienced impact of Log4j was the need for IT and security teams to work over the holidays to assess risk and make critical changes to protect infrastructure and data, followed by a reevaluation of software supply chain security practices and software purchasing decisions.

87% of respondents said that given the level of cyber risk posed by Log4j, government regulatory agencies should take legal action against organizations that fail to patch the flaw.

"News of the Log4j threat sent security and applications teams around the globe into a frenzy of activity - taking inventory of their internet-facing systems, checking for Log4j, checking revision levels, and putting into effect emergency patching - and while many organizations took the appropriate proactive step of reaching out to business partners and vendors to assess the potential exposure, the timing made efforts to remediate that much more of a challenge," said Carlos Morales, SVP of solutions at Neustar Security Services.

In addition to Log4j, the surveyed security professionals were asked about their other top concerns during the reporting period of November and December 2021.


News URL

https://www.helpnetsecurity.com/2022/03/02/log4j-vulnerability-security-professionals/