Log4J

So take a very simple requirement like logging output from your software, and let's use a big framework like Log4J, which is packed full of functionality that you don't need and don't understand.

What could possibly go wrong?

Log4J is a bit of a wake-up call about how developers do need to be more careful about what code and tools they include in their software. Complexity is a real problem when it comes to security. It is analogous to the problems that Covid exposed in our supply chain.

This all ties into how we think about quality assurance. Pranshanth and I discuss this in this video.

The question is: how well is this problem understood in the wider industry? At this point, not too widely, I think.