Rezilion’s Log4j Blindspots Research Analysis


The biggest challenge with Log4j lies in detection within packaged software in production environments: Java files (such as Log4j) can be nested a few layers deep into other files – which means that a shallow search for the file won’t find it.
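The nesting problem described above, as an added example that is not part of Rezilion's research or tooling: a filename search over the top level of a WAR finds nothing, while a scan that recurses into nested archives locates the `JndiLookup.class` marker. The sample archive, its paths and the version in the file name are constructed for illustration.

```python
import io
import zipfile

# Class file that ships inside log4j-core; its presence marks an embedded copy.
MARKER = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def make_zip(entries):
    """Build a zip archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def shallow_scan(data):
    """Look only at the top-level entry names, as a filename search would."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if n == MARKER or "log4j-core" in n]


def deep_scan(data, path="", depth=0, max_depth=8):
    """Recurse into nested archives and return the path to every marker class."""
    hits = []
    if depth > max_depth:          # bound nesting depth for hostile archives
        return hits
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:     # archive extension, but not a zip file
        return hits
    with zf:
        for name in zf.namelist():
            full = f"{path}!/{name}" if path else name
            if name == MARKER:
                hits.append(full)
            elif name.lower().endswith(ARCHIVE_EXT):
                hits += deep_scan(zf.read(name), full, depth + 1, max_depth)
    return hits


# Constructed sample: WAR -> application JAR -> log4j-core JAR -> class file.
log4j_jar = make_zip({MARKER: b"constructed placeholder, not real bytecode"})
app_jar = make_zip({"BOOT-INF/lib/log4j-core-2.14.1.jar": log4j_jar})
SAMPLE_WAR = make_zip({"WEB-INF/lib/app.jar": app_jar, "index.html": b"<html/>"})

if __name__ == "__main__":
    print("shallow:", shallow_scan(SAMPLE_WAR))
    print("deep:   ", deep_scan(SAMPLE_WAR))
```

Matching on the class path rather than the JAR file name also catches copies that were renamed or repackaged into another archive.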

To estimate how big this Log4j blindspot is, Rezilion’s vulnerability research team conducted a survey in which multiple open source and commercial scanning tools were assessed against a dataset of packaged Java files where Log4j was nested and packaged in various formats, all commonly used by developers and IT teams.

Download this ebook to learn:

  • Which scanners did better than others? Were any of the scanners able to detect all Log4j formats?

  • Side-by-side scanner comparison matrix based on Rezilion’s original research.

  • Considerations of Log4Shell within a production environment versus a development, CI/CD and staging environment.