Number of vulnerable Log4j downloads remains high one year on

This week marks the first anniversary of the Log4j/Log4Shell vulnerability affecting the Java logging library and as we noted recently many organizations are still vulnerable even though patched versions were quickly available. Sonatype has produced a resource center to show the current state of the vulnerability, along with a tool to help businesses scan their open source code to see if it's affected. The dashboard shows the percentage of Log4j downloads that remain vulnerable -- currently running at around 34 percent since last December -- it also shows the parts of the world that have seen the highest percentage of… [Continue Reading]