If you’re in tech at all, you’ve likely heard of the Log4Shell exploit taking over the Intertubes. If you’re not a Java developer (or developer of any sort), you may be left scratching your head as to just what’s going on. This post is split into two parts: an explanation of Log4Shell for non-developers and an overview of the Log4Shell vulnerability for non-Java developers.

Speak with any customer in tech and the word Kubernetes will surely find its way into the conversation at some point or another. In terms of orchestration, automating deployments, scaling, managing containerized applications to meet growing customer demand, Kubernetes provides users with extensibility and flexibility.

Even if you tried VERY hard to enjoy a quiet weekend, chances are that this plan was interrupted at least once by the new Log4Shell zero-day vulnerability that was disclosed on Friday (December 10, 2021). The new vulnerability was found in the open source Java library log4j-core which is a component of one of the most popular Java logging frameworks, Log4J.

By now, you already know of — and are probably in the midst of remediating — the vulnerability that has come to be known as Log4Shell and identified as CVE-2021-44228. This is the vulnerability which security researchers disclosed on Friday (10 December 2021) for Apache’s Log4j logging framework. In this article, we’ll explore a few key Log4j facts as well as actions you can take to protect yourself and your company.

When DevOps emerged more than ten years ago, the main focus was to bridge the gaps between dev and ops teams. This was achieved by introducing automation to the processes of designing, building, testing, and deploying applications. But as development teams continue to deliver faster and more frequently, security teams find it difficult to keep up. Often, they become the bottleneck in the delivery pipeline.