
“Log4j has been around for 20 years; it’s become embedded into nearly every meaningful Java application; and the Log4Shell event led to compromises in everything from iCloud to physical security systems. Moreover, malware groups are continuing to exploit unpatched Log4j instances. We will likely see additional Log4Shell-like events unless we address its root issues.”

Happy 2023, Linux Foundation members and open source community readers! Recently at the Open Source Security Foundation, we shared several notable updates you won't want to miss, including:

  • A retrospective on Log4Shell in which Brian Behlendorf, General Manager of the OpenSSF, looks at what we've learned over the past year about the core issues in software supply chain security and vulnerability disclosure, the unique challenges of securing open source software (OSS), and the best techniques for improving OSS security going forward.
  • News about our global engagement efforts, focused on collaborating with leaders in the public and private sectors to deepen the ecosystem's understanding of open source software security.
  • A recap of our year highlighting the many accomplishments of OpenSSF working groups and projects. As we reflect on the past year and forge ahead, we invite you to get involved and help make the OSS ecosystem more secure.