Security News > 2022 > July > Cyber Safety Review Board classifies Log4j as ‘endemic vulnerability’
The Cyber Safety Review Board recently labeled the Log4j security exploit as an 'endemic vulnerability' that will linger for years, according to a report released on Jul 11, 2022.
"At some point, we're going to see even more visible use of Software Bill of Materials reports. Just as the FDA expects consumers to be able to stay informed about what they're putting in their bodies by way of standardized nutrition facts labels with clear lists of ingredients, businesses and other entities using software will want-and ultimately need-transparency about what goes into the software they're using."
Amongst Java developers, this piece of software has also been embedded into thousands of other software packages.
The ease of use has some hackers looking to exploit numerous pieces of software that have not yet been patched as part of Log4j.
This became a serious issue on December 9, 2021 after the vulnerability was made public, as researchers at Cloudflare found that there were 400 scans per second to attempt to take advantage of compromised systems using the software.
"Asset management is extremely hard, especially when you factor in cloud applications. When it comes to your own homegrown applications in the cloud, developers rarely keep track of what software components they use. For SaaS applications, you need to count on the vendor knowing what they've developed and which software components are being used. This is all about software supply chain security, which is broken today."