Report is right about scanning and defenses
The log4j vulnerabilities were just another line item in a never-ending list of security issues my team had to deal with. I'd like to believe that here in 2022, most orgs have processes in place for discovering and remediating such issues. That it was found in so many places raised a few eyebrows, but we're all getting used to libraries that few of us have ever heard of before being used everywhere.
Likewise, I'd like to believe that here in 2022, most companies have deployed a WAF that can help block this sort of crap.
Biting the hand that feeds IT
