InfoWorld

Log4j orthogonality by example

Orthogonality is a concept often used to describe modular and maintainable software, but it’s more easily understood by way of a case study. In this article, Jens Dietrich demystifies orthogonality ...
MIT Technology Review

The internet runs on free open-source software. Who pays to fix it?

Volunteer-run projects like Log4J keep the internet running. The result is unsustainable burnout, and a national security risk when they go wrong. Right now, Volkan Yazici is working 22 hour days for ...
Ars Technica

Patch fixing critical Log4J 0-day has its own vulnerability that’s under exploit

Last Thursday, the world learned of an in-the-wild exploitation of a critical code-execution zero-day in Log4J, a logging utility used by just about every cloud service and enterprise network on the ...
Bleeping Computer

Log4j 2.17.1 out now, fixes new remote code execution bug

Apache has released another Log4j version, 2.17.1 fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most recent ...
MarketWatch

Top cyber official has never seen a more ‘serious vulnerability.’ Here’s what you should know about Log4j

In the months since the Apache Software Foundation announced a major security vulnerability in its Log4j 2 software library, cybersecurity experts have said they’ve seen attacks targeted across a ...
ZDNet

Google unleashes security 'fuzzer' on Log4Shell bug in open source software

The remotely exploitable flaw in Log4j – the widely deployed Java error logging library -- is being attacked by multiple actors and likely will remain so for many ...