>>14084635
Try responding to the log4j critical race vulnerability in a massive Enterprise environment that uses massive amounts of third-party Java software.
Imagine coming into work on Wednesday and the idiots in risk management, who don't understand how software dev or Java works, say they "scanned the enterprise for log4j and the program is not running on any machine".
Now imagine on Thursday, as their vulnerability scanner receives updates, they now know of 19,000 programs running in the Enterprise that have log4j dependencies.
Now imagine on Friday they get another update for the tool and whoopsy 75% of all production assets are running affected software.
Now imagine my weekend.