LXer: Log4j doesn't just blow a hole in your servers, it's reopening that can of worms: Is Big Biz exploiting open source?
by LXer from LinuxQuestions.org on (#5T1G4)
Published at LXer:
The disclosure of a critical security hole in Log4j last week has renewed calls to rethink how open-source software gets developed, paid for, and maintained, not that the long-simmering issue ever really went away. The Log4j bug, an unauthenticated remote code execution flaw (CVE-2021-44228) in Apache's open-source Log4j Java-based logging library, is particularly serious and far-reaching because exploitation is not difficult and the software is widely used and buried deep within many programs.