Now that the dust has settled on both the holiday season and the Log4j vulnerability that saw many of us working through it (CVE-2021-44228), it makes sense to look back and take stock of how things played out. What strategies worked in the face of one of the most notable vulnerabilities of the last decade?
To begin with, let’s briefly look at the issue itself. Log4j is a Java logging utility used by just about every Java-based product, tool, and service on the internet. If you’ve ever seen an error page on a website or mistyped your credentials, chances are you’ve generated an event processed by Log4j at some point.
