Wednesday, February 9, 2022
If you work in an organization that uses open source to develop applications, by now you are probably aware of the recently disclosed vulnerability in log4j, commonly being referred to as the Log4Shell vulnerability.
Virtually every organization that uses Java (Maven/Gradle) uses log4j and has likely been impacted. According to data tracked by Tidelift, log4j-core has over 3,600 dependent packages in the Java language ecosystem and over 20,900 dependent software repositories on public code collaboration platforms.
Tidelift solutions architect Sean Wiley breaks down the current Log4Shell situation and shares tips for remediating the issue—including ways Tidelift can help your organization prepare for the next zero day vulnerability.