Which factors are currently impeding your efforts to patch the Log4j vulnerability? (Select all that apply.)

Difficulty determining the extent of our exposure: 28%

Difficulty determining if third-party vendors have been affected: 42%

Third-party vendors who are unable or unwilling to patch Log4j: 35%

Lack of support: 32%

Lack of patch management controls: 20%

New versions that contain breaking changes: 18%

Affected software is no longer maintained: 18%

Insufficient human resources: 14%

Current update processes slow down remediation: 9%

Transitive dependencies are unclear: 9%

Software inventory is not updated: 11%

Patching Log4j has been deprioritized: 6%

Patching requires too much downtime: 5%

Other (Please share below!): 3%


439 PARTICIPANTS


Director, Information Security in Education, 1,001 - 5,000 employees
Biggest issue I’ve had is that Nessus flags the existence of affected files, regardless of if they’re in use, as a vulnerability and also will flag multiple vulnerabilities for the same file.

This results in an overwhelming number of things to identify and recast, and I’m sure it causes me to miss things.
