Log4j and Other Issues in Open-Source Software
CyberWire wrote about the recent CISA warning on Log4j. The US Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities Catalog now includes Log4shell, and that’s consistent with the agency’s aspiration, expressed clearly during yesterday’s media call, of serving as a single authoritative source for information on risk and remediation. The agency’s leaders, while emphasizing the seriousness of the vulnerability, nonetheless offered a broadly optimistic view of the response.
Cyberwire tapped K2 Cyber Security’s CEO and Co-Founder, Pravin Madhani for commentary.