(In log4j, you just modify a simple properties file.) You can easily turn categories of messages on and off so you can see debug messages when you’re debugging, but easily turn them off when you ...

"With Log4j, preventing the entire class of bugs that cause it is going to be hard with today's technology, but stuff like fuzzing and safe-by-default language/library design can help a lot.

Even worse, in the case of Log4j, it may be extremely hard for even security professionals to understand whether this code is part of their applications and thus a potential risk. Like much open ...

China’s largest cloud service provider said it would improve compliance after it was disciplined by the government for failing to first report the Log4j vulnerability to Chinese authorities.

Researchers at cybersecurity giant Check Point said today that they’ve observed attempted exploits of the Log4j vulnerability, known as Log4Shell, on more than 44% of corporate networks worldwide.

Security professionals say it is one of the worst computer vulnerabilities they have ever seen as agencies in the United States and Australia sound the alarm on Log4j software.