Go Back

Log4j Ended Up In Your Application, Now What?

While Open-Source libraries are generally taboo in the enterprise, they may have made their way into your portfolio under pressure to deliver. Log4j is one. Here's how it impacts you and what you can do about it.

Log4j provides a convenient way to capture an application's activity. When transactions, connections, and critical processes go wrong, a log is necessary to help resolve the issue. Logging good, Log4j bad. Why?

Log4j is an Open-Source library used in many enterprise software projects and is also included in millions of other third-party Open-Source libraries you may use and not even know it's there. But Log4j is only one Open-Source library of thousands. How many more libraries is your organization using that are just waiting to be exploited as vulnerabilities by bad actors?

Governing your hand-coding standards requires enforcement. Again, under pressure to deliver, code reviews may not be enough. This is one of the many reasons CIOs are considering a machine-generated application platform, one that is capable of sophisticated needs while creating pure code at each and every build.

Unique to these platforms, if a vulnerability is discovered, the application error is more easily located and fixed. Your entire application portfolio can regenerate nearly instantaneously. No more costly and extensive search and contain missions. With the click of a button, rewrite whole applications as though the vulnerability was never there.

Almost all businesses are using a low-code application platform of some type for building more productively and cleanly. You can now produce pure source code without runtimes. ZDNet reports 83% of CIO's intend to make more use of these platforms. The alternative to Open-Source is your own source. Taking control now avoids adding technical debt and impactful security threats. 

----

What is Log4j? 
It's reported to be used in millions of servers worldwide, but has now been credibly identified as a severe vulnerability waiting to be breached. Often incorporated out of pressure to deliver and save time, or offshoring to save money, we now know Log4j isn’t without hidden cost. The breach you see in many headlines will have far reaching impacts. Many organizations have yet to uncover how deep they go. Finding and replacing or updating Log4j across your portfolio has now added to your technical debt. Retiring this dangerous debt is yet another distraction in a race before it’s exploited. 

© 2022 Graphite GTC