One in four apps remain exposed to Log4Shell
Briefly

"At a surface level, the numbers above show that the massive effort to remediate the Log4Shell vulnerability was effective in mitigating risk of exploitation of the zero-day vulnerability. That should not be surprising, given the awareness and pressure within the development community to address critical vulnerabilities", said Chris Eng, Chief Research Officer at Veracode.
Prior investigations from Veracode also showed that 79 percent of all developers never update third-party libraries after first introducing them into projects, and given that Log4j2 - the specific version of Log4j affected by the vulnerability - dates back to 2014, this could explain the large proportion of unpatched apps.
Read at The Register