On Dec. 9, word of a newly discovered computer bug in a hugely popular piece of computer code started rippling around the cybersecurity community. By the next day, nearly every major software company was in crisis mode, trying to figure out how their products were affected and how they could patch the hole.
The descriptions used by security experts to describe the new vulnerability in an extremely common section of code called log4j border on the apocalyptic.
“The log4j vulnerability is the most serious vulnerability I have seen in my decades-long career,” Jen Easterly, U.S. Cybersecurity and Infrastructure Security Agency director, said in a Thursday interview on CNBC.
So why is this obscure piece of software causing so much panic, and should regular computer users be worried?
#Log4j: "the most serious security breach ever" – a good overview of the multiple issues, complexities, dependencies, knock-on risks & similar around the log4j vulnerability – and the severe challenges to fully mitigating it both short- & long-termhttps://t.co/B10tizs4sN
— Kevin A. O'Brien (@kaobrien15) December 22, 2021