Cyber Safety Review Board classifies Log4j as ‘endemic vulnerability’
The Cyber Safety Review Board (CSRB) has recently classified the Log4j security vulnerability as endemic, meaning that it will likely linger and cause issues for years. The report was released earlier this month and pertains to a security flaw that is relatively easy to exploit. The Log4j vulnerability was discovered in December 2021 and has continued to pose a threat.
The CSRB’s findings may signal a future in which the security industry will need to take the vulnerability into account. In addition, there may be more use of Software Bill of Materials reports, says Axonius senior director of security Daniel Trauner. This will lead to a higher level of transparency regarding what is in the software that companies are using.
Log4j is an open-source Java-based logging framework. The file is free to download and destructive. Attackers can embed the software into other software packages, meaning that they will infect those packages.