Despite What Some Vendors Say, Please Don’t Ignore Log4j

Mirroring the explosive growth of open source software, analysis around open source vulnerabilities continues to dominate headlines. However, in an alarming trend, many security vendors have begun citing stats that downplay risk to amplify their services, like the recent statistic that “96% of Log4j in use…was not vulnerable to the Log4Shell zero-day.” At first glance this seems like a great result – now you only have to worry about fixing 4% of your applications! However, once you understand how such …

devzone don log4j nexus lifecycle vendors vulnerabilities