The U.S. Department of Homeland Security's Cyber Safety Review Board has warned that the Log4j security flaw discovered in December has become "endemic," with vulnerable instances expected to persist for at least a decade, according to SiliconAngle.
Even though Apache acted promptly on the security flaw, organizations with vulnerable devices have struggled to remediate their systems, the CSRB noted in its report. Resources to ensure that open-source code meets secure coding standards have also been lacking.
Meanwhile, VMware Global Security Technologist Chad Skipper emphasized that cyber vulnerabilities continue to evolve and grow more sophisticated, noting that VMware had monitored over 25 million attempts to exploit Log4j.
On the other hand, Chainguard CEO Dan Lorenc said that another Log4j can be prevented as long as the open-source community receives increased support, security standards are defined, and built-in security is prioritized by both private and public entities.