Less than a week ago, on December 9th, security researchers discovered a flaw in the software library Log4j, a widely used software library estimated to have over 100 million instances globally. The flaw has been ranked 10 out of 10 on the Common Vulnerability Scoring System (CVSS) due to the potential impact it might have when exploited by hackers.
Details are provided in the National Vulnerability Database (NVD) under the CVE dictionary entry CVE-2021-44228, initially published on 10 December 2021. According to an article published on Wired, "The Log4J Vulnerability Will Haunt the Internet for Years."
Already system administrators and security professionals are scrambling to protect their systems. The servers we operate, including those used for the GPWA, underwent emergency updates and reboots to address this new zero-day vulnerability this morning.
For today's poll I ask about your response to vulnerabilities such as this. How quickly do you assess and respond to serious threats like Log4j? Do you research and respond right away? Do you wait for updates to be provided by your software providers and install them right away? Or do you wait and apply updates for issues like this well after they are made available by your software providers? Or do you view handling vulnerabilities like this as outside the scope of what you do?
Michael