I have been surprised that the Log4Shell vulnerability has not made it into the mainstream press more. This is one of the most serious vulnerabilities I have seen in my career.
When I talk to my non-tech friends and family members, they haven’t heard of Log4Shell or Log4j.
One of the successes of the Heartbleed vulnerability response is that everyone understood they needed to do something.
The visual of the Heartbleed name and logo helped.
We can’t do anything about the Log4Shell name. It is not a good one. It does not have a real-world comparable that can grab people’s imagination.
We can do something about the visual, however. We will likely need people to patch certain things.
If Log4Shell is a thing in their mind, then they will be more likely to act.
In that spirit, we are providing a Log4Shell logo. It is a takeoff of the Log4j logo. It hopefully communicates that Log4Shell is “bad”.
We are releasing this image under the Apache 2.0 open-source license: https://www.apache.org/licenses/LICENSE-2.0
Everyone is free to use it. We just ask that you give attribution to Fractional CISO and link to this page.
Something like, “Log4Shell logo is provided courtesy of Fractional CISO, LLC.”
Good luck and happy patching.
For more information on the Log4j vulnerability, check out this page: https://fractionalciso.com/serious-vulnerability-log4j/