ABSTRACT

Review of the December 2021 Log4j Event   [open pdf - 1MB]

From the Document: "President Biden directed the establishment of the Cyber Safety Review Board (CSRB, or the Board) to review significant cyber incidents and provide 'advice, information, or recommendations for improving cybersecurity and incident response practices and policy.' [...] The Board's first charge was to review the events surrounding the December 2021 disclosure of the Log4j vulnerability. Log4j is a piece of open source software that developers have integrated into millions of systems. A vulnerability in such a pervasive and ubiquitous piece of software has the ability to impact companies and organizations (including governments) all over the world. As such, the Log4j event drives home the urgency with which we must move to a culture of shared responsibility around managing cyber threats. The scope of this report, and to whom we are directing the recommendations, reflect this observation."

Publisher:
Date:
2022-07-11
Copyright:
Public Domain
Retrieved From:
Cybersecurity and Infrastructure Security Agency: https://www.cisa.gov/
Format:
pdf
Media Type:
application/pdf
URL:
Help with citations
Listed on Cyber Crime and National Security [Featured Topic]