Early December marked the one-year anniversary of the Log4j security meltdown. Ever since, the software world has been on a dead sprint to ensure it would never happen again. We’re finally seeing some traction as the missing links in software supply chain security begin to get filled in.
Log4j was a crippling event for many organizations that struggled to understand whether and where they were even running the popular open source logging utility in their environments. But Log4j also forced the industry to come to grips with the transitive nature of software supply chain exploits and just how easy it is for exploits to leap across software dependencies. It was not a fun way for security teams to end 2021.