Threatrix Blog

Enterprise open source security & compliance

Blog Background

Results for:

Clear

Category: LOG4J

Clear
Threatrix
Security and License Compliance Awareness is the Theme of Open Source 2022

Open-source software is in all software development, and we’ll see even more growth continue in 2022. Every industry vertical uses and develops open-source software, and all businesses are considered software companies. As a result of the pandemic, more businesses offer their products and services online or through apps.

Threatrix
Threatrix Apache Log4j Detection Demonstration

Keeping current with Log4j dependencies and new exploits is a complex and ongoing challenge. Organizations struggle to find the proverbial needle in hundreds of haystacks in a constantly changing environment. Then there is the issue of finding the right security tool to use across numerous applications and networks.

Your Scanner Is Still Missing Log4j
Your Scanner Is Still Missing Log4j

As a result of Log4Shell’s popularity and easy exploitability, its potentially severe impact is tremendous. What has emerged is not just how mainstream it is, but how deeply woven it is into the software we use, and how difficult it is to detect. Log4Shell Detection Because it is common across open source and third-party applications, […]

The FTC Will Pursue Companies Not Patching Log4j to Protect Customer Data
The FTC Will Pursue Companies Not Patching Log4j to Protect Customer Data

Log4Shell exploits are present in 17,000 unpatched Log4J packages in the Maven Central ecosystem, posing a significant supply-chain risk. Google security estimates that approximately 17,000 Java packages in the Maven Central repository are vulnerable to Log4j – and that it will take “years” for it to be fixed across the ecosystem.