Which factors are currently impeding your efforts to patch the Log4j vulnerability? (Select all that apply.)

Difficulty determining the extent of our exposure28%

Difficulty determining if third-party vendors have been affected42%

Third-party vendors who are unable or unwilling to patch Log4j35%

Lack of support32%

Lack of patch management controls20%

New versions that contain breaking changes18%

Affected software is no longer maintained18%

Insufficient human resources14%

Current update processes slow down remediation9%

Transitive dependencies are unclear9%

Software inventory is not updated11%

Patching Log4j has been deprioritized6%

Patching requires too much downtime5%

Other (Please share below!)3%


2.4k views1 Comment

Director, Information Security in Education, 1,001 - 5,000 employees
Biggest issue I’ve had is that Nessus flags the existence of affected files, regardless of if they’re in use, as a vulnerability and also will flag multiple vulnerabilities for the same file.

This results in an overwhelming number of things to identify and recast, and I’m sure it causes me to miss things.

Content you might like

CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
38.5k views128 Upvotes316 Comments

We provide company-wide training57%

We only train certain departments/roles32%

We have a targeted individual training approach.9%

I am unsure how we handle security training.3%



Yes, and we actively scan for these types of vulnerabilities.24%

Yes, but we're still working out our strategy for these attacks.59%

No, we're not concerned about zero-click attacks.15%

Other (please share below)0%


1.1k views1 Upvote