Software Bill of Materials Among Recommended Mitigations
A flaw in ubiquitous open-source logging utility Log4j may plague systems for the next decade or longer, making it an “endemic vulnerability,” declared a panel of U.S. public and private sector security experts.
The vulnerability, known as Log4Shell, burst into public awareness late last year when the Apache Software Foundation, which develops the library, fixed the bug and thereby set off a global race between systems administrators and hackers.
Despite a flurry of warnings, many systems remain open to hackers exploiting unpatched systems, ensuring that what seemed like a sprint is a marathon.
It could be worse, concluded the Cyber Safety Review Board, a federally run committee established by a…