自去年年底 Log4Shell 漏洞的爆出，很多人及企业将其标记为过去十年以来最严重的漏洞之一，而如今，它的影响还在继续。 从质疑到弃用 不过，即使如此，也并没有让人或者自动化安全工具“放心”。在不少开发者使用过程中，很多自动化安全工具仍然直接将 ...

CISA created a landing page for all Log4j vulnerability content and is providing insight alongside the Joint Cyber Defense Collaborative that includes multiple cybersecurity companies. CISA added the ...

Software testing is notoriously hard. Search Google for CVEs caused by basic CRLF (newline character) issues and you'll see thousands of entries. Humanity has put a man on the moon, but we still haven ...

The Java security specialists at Dublin-based Waratek have released a new Log4J Vulnerability Scanner and added API security to their Java Security Platform, the company announced recently. The ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits. There’s an enormous amount of software vulnerable to ...