Tag Archives: Zero day

After Log4Shell, how can we tackle a possible pandemic of open source exploits?

by Anthony Musk

If a week is a long time in politics, a month can sometimes feel like a lifetime in cybersecurity. Few of us working in cyber at the start of December could have predicted how the run-up to Christmas would pan out. In the end, Log4Shell and the subsequent vulnerabilities found in Log4j made for several weeks of sleepless nights and anxious Zoom calls. The truth is that the logging utility is so ubiquitous that related threats will be with us for months or even years to come.

But that’s not the end of the story. Unfortunately for security professionals, their employers and customers, there’s a much wider concern. Trend Micro has been one of several authoritative voices warning of the impact of open source bugs on the security of the digital world. Unless we take action soon, Log4Shell could be the start of an extremely unwelcome trend: a cyber-pandemic fuelled by open source exploits.
