The recently discovered flaw in Apache’s Log4j software continues to stress security teams and put many organizations at risk. Because Log4j is very difficult to detect, many scanners may not detect it.
Rezilion researchers conducted a survey using multiple open sources and commercial scanning tools and assessed the tools against a dataset of packaged Java files where Log4j was nested and packaged in various formats. While no scanner was able to detect Log4j in all formats initially, several scanner makers were quick to respond and update their technology to find the bug.
In part two of our webinar series on Log4j, Rezilion’s head researcher, Yotam Perkal, welcomes guests from Anchore and Mergebase to discuss their reaction to the Rezilion research, as well as takeaways on what they are seeing now with Log4j, and what they expect the future holds.
Watch this on-demand webinar and you will learn:
The pressing concerns that continue around Log4j
What other industry experts think about the future of this vulnerability
Suggestions and takeaways for protecting your organizations against the Log4j vulnerability