You’d think we’d be done with this infamous bug. A year ago, if you’d asked someone what open source Java logging library https://logging.apache.org/log4j/ was, you’d get a lot of blank glances.
It was just some harmless logging program way deep in the code.
As security company, https://www.nextron-systems.com/ head of research, https://www.linkedin.com/in/floroth/, tweeted, “Thehttps://twitter.com/hashtag/Log4Shell?src=hashtag_clickhttps://twitter.com/hashtag/Log4Shell?src=hashtag_click vulnerability isn’t just an RCE [Remote Code Execution] 0day.
Regarding proprietary software security woes, https://www.linkedin.com/in/charliejones-/, a security company https://www.reversinglabs.com/ Software Assurance Evangelist, expects the impact of Log4Shell to rival that of MS-17-10.