A year later, Log4Shell still lingers


72% of organizations remain vulnerable to the Log4Shell vulnerability as of October 1, 2022, Tenable‘s latest telemetry study has revealed, based on data collected from over 500 million tests.

A vulnerability that’s difficult to eradicate

When Log4Shell was discovered in December 2021, organizations around the world scrambled to determine their risk.

In the weeks following its disclosure, organizations significantly reallocated resources and invested tens of thousands of hours to identification and remediation efforts. One federal cabinet department reported that its security team devoted 33,000 hours to Log4j vulnerability response alone.