Companies Didn’t Prioritize Third-Party Sources of CVEs, Here’s What Happened
Last December, Veracode reported that more than a third of Java applications still use vulnerable versions of the Log4j Java logging library. This after many engineering teams dropped their regular work and spent their time remediating the remotely exploitable Log4Shell vulnerability that infected many instances of Log4j. After more than two years of finding and updating […]
