The Log4j lessons: so what IS vulnerability management anyway?

In our first Log4j lessons blog, we focused on the necessity of becoming very, very good at patching, and making it a well-documented and automated routine in your IT-environment. This might sound obvious, but many organizations hit serious hurdles in their initial Log4j handling because their patch machine did not start cold. Our main takeaway … Read more


The Log4j lessons: If it ain’t broke, fix it now!

A blog series with the title The Log4J lessons might suggest that the fallout of the Log4j vulnerability is mostly behind us. Indeed, since the end of 2021, there has been a tremendous effort from technology vendors, SOC’s and IT departments to mitigate this threat. But given the widespread usage of this open-source logging library and the … Read more