{"id":45217,"date":"2022-02-09T19:10:00","date_gmt":"2022-02-09T19:10:00","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/log4j-hearing-open-source-is-not-the-problem\/"},"modified":"2022-02-09T19:10:00","modified_gmt":"2022-02-09T19:10:00","slug":"log4j-hearing-open-source-is-not-the-problem","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/log4j-hearing-open-source-is-not-the-problem\/","title":{"rendered":"Log4j hearing: &#8216;Open source is not the problem&#8217;"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2018\/08\/1_weakest-link_broken_rusted-chain_security-breach_hacked-100768643-large.jpg?auto=webp&amp;quality=85,70\" class=\"ff-og-image-inserted\"><\/div>\n<p>The high-tech community is still trying to figure out the long-term impact of the serious vulnerability found late last year in the open-source Apache Log4j software, and so is the US Senate.<\/p>\n<p>\u201cOpen source is not the problem,\u201d stated Dr. Trey Herr, director of the Cyber Statecraft Initiative with Atlantic Council think tank during a US Senate&nbsp;<a href=\"https:\/\/www.hsgac.senate.gov\/hearings\/responding-to-and-learning-from-the-log4shell-vulnerability\" rel=\"nofollow\">Committee on Homeland Security &amp; Government Affairs hearing<\/a> this week. \u201cSoftware supply-chain security issues have bedeviled the cyber-policy community for years.\u201d<\/p>\n<p>Experts have been predicting a long-term struggle to remedy the Log4j flaw and its impact. Security researchers at Cisco Talos for example stated that Log4j will be widely exploited moving forward, and users should patch affected products and implement mitigation solutions as soon as possible.<\/p>\n<p>The popular, Java-logging software is widely used in enterprise and consumer services, websites, and applications as an easy-to-use common utility to support client\/server application development. If exploited, the <a href=\"https:\/\/www.networkworld.com\/article\/3645409\/log4j-flaw-needs-immediate-remediation.html\">Log4j weakness&nbsp;<\/a>could let an unauthenticated remote actor take control of an affected server system and gain access to company information or unleash a denial of service attack.<\/p>\n<p>The Senate panel called on experts in order to find out about industry responses and ways to prevent future software exposures.<\/p>\n<p>Since Logj4 is found in open source software, experts spent a lot of time defending the use of open-source software in critical platforms.<\/p>\n<aside class=\"nativo-promo nativo-promo-1 smartphone\" id> <\/aside>\n<p>\u201cThe weakness in Log4j, which can be exploited by only typing in 12 characters, is just one example of how widespread software vulnerabilities, including those found in open-source code, or code that is freely available and developed by individuals, can present a serious threat to national and economic security,\u201d stated committee chairman Sen. Gary Peters (D-MI).<\/p>\n<p>\u201cIn terms of the amount of online services, sites, and devices exposed, the potential impact of this software vulnerability is immeasurable, and it leaves everything from our critical infrastructure, such as banks and power grids, to government agencies, open to network breaches.\u201d<\/p>\n<aside class=\"nativo-promo nativo-promo-1 tablet desktop\" id> <\/aside>\n<p>But Cisco\u2019s security chief pushed back. \u201cIt is my opinion that open-source software did not fail, as some have suggested, and it would be misguided to suggest that the Log4j vulnerability is evidence of a unique flaw or increased risk with open-source software,\u201d Brad Arkin, Cisco\u2019s senior vice president and chief security officer told the committee. \u201cThe truth is that all software contains vulnerabilities due to inherent flaws of human judgment in designing, integrating, and writing software.\u201d<\/p>\n<p>\u201cCisco is a significant user of and an active contributor to open-source security projects. These are important efforts necessary to maintain the integrity of code blocks shared across foundational elements of IT infrastructure,\u201d Arkin stated. \u201cHowever, I believe that focusing narrowly on the risks posed by open-source software may distract us from other significant areas where we can address security risks inherent in all software.\u201d<\/p>\n<p>Atlantic Council\u2019s Herr said similar vulnerabilities are sure to crop up in the future. \u201cLog4j is an exceptionally widely used logging program,\u201d said Atlantic Council\u2019s Herr, \u201cand addressing its flaws has required significant effort and public attention, but it will not be the last time this kind of incident occurs.\u201d<\/p>\n<p>\u201cThe key for this body, and a watchword for federal efforts to improve the security of open source, is to fund the mundane\u2014providing resources where industry might not, or where public attention fades, to drive structural improvements in the security of software supply chains across all developers and maintainers. Better securing software supply chains and open-source code is an infrastructure problem, and the same long term investment model applies.\u201d<\/p>\n<aside class=\"nativo-promo nativo-promo-2 tablet desktop smartphone\" id> <\/aside>\n<p>Jen Miller-Osborn, deputy director of threat intelligence with the Unit 42 security researchers at Palo Alto Networks recommended risk reductions as a response to Log4Shell and future vulnerabilities, including:<\/p>\n<ul>\n<li>Automate compliance with vulnerability management policies: \u201cWe applaud [the Department of Homeland Cybersecurity and Infrastructure Agency] for building and maintaining a catalog of known exploited vulnerabilities, but manual reporting across 100-plus federal civilian agencies is unlikely to stay ahead of the adversary.\u201d<\/li>\n<li>Drive industry-wide commitment to development security operations: \u201cImpressive work is already being done in this arena, but the community would be well-served by increasing adoption of existing development tools to control access to open-source components. These tools can scan all of the open-source packages for both integrity and security before they are approved and allowed for engineering teams to use in products.\u201d<\/li>\n<\/ul>\n<p>Cisco\u2019s Arkin stated that implementing secure architectures are critical to creating the necessary separation inside of systems to limit the impact of vulnerabilities and enable rapid recovery and resiliency.<\/p>\n<p>\u201cProper segmentation, for example, makes it difficult for an attacker to move laterally through the network, even if they can gain initial access by exploiting a vulnerability,\u201d Arkin stated. \u201cImplementing a <a href=\"https:\/\/www.networkworld.com\/article\/3571453\/how-the-network-can-support-zero-trust.html\">zero-trust<\/a> environment further protects critical data and systems from intrusion and exploitation by ensuring that every attempt to connect to the network and access important data and systems is examined.\u201d&nbsp;<\/p>\n<p>Arkin and others said secure software development and zero-trust networking requirements issued in <a href=\"https:\/\/www.nist.gov\/itl\/executive-order-improving-nations-cybersecurity\" rel=\"nofollow\">a presidential order <\/a>last year are important steps to follow, regardless of whether they would have prevented the Log4Shell vulnerability.<\/p>\n<aside class=\"nativo-promo nativo-promo-3 tablet desktop smartphone\" id> <\/aside>\n<p>The problem of imperfect code is not likely to go away, said stated David Nalley, president of the Apache Software Foundation. \u201cThe reality is that humans write software, and as a result there will continue to be bugs, and despite best efforts some of those will include security vulnerabilities. As we continue to become ever more connected and digital, the number of vulnerabilities and potential consequences are likely to grow,\u201d he said.<\/p>\n<p>\u201cThere is no easy software-security solution; it requires defense in depth\u2014incorporating upstream development in open-source projects, vendors that incorporate these projects, developers that make use of the software in custom applications, and even down to the organizations that deploy these applications to provide services important to their users,\u201d Nalley stated.<\/p>\n<div class=\"end-note\"> <!-- blx4 #2005 blox4.html --> <\/p>\n<div id class=\"blx blxParticleendnote blxM2005 blox4_html blxC23909\">Join the Network World communities on <a href=\"https:\/\/www.facebook.com\/NetworkWorld\/\" target=\"_blank\" rel=\"noopener\">Facebook<\/a> and <a href=\"https:\/\/www.linkedin.com\/company\/network-world\" target=\"_blank\" rel=\"noopener\">LinkedIn<\/a> to comment on topics that are top of mind. <\/div>\n<\/p><\/div>\n<p> READ MORE <a href=\"https:\/\/www.networkworld.com\/article\/3649003\/log4j-hearing-open-source-is-not-the-problem.html#tk.rss_security\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\nThe high-tech community is still trying to figure out the long-term impact of the serious vulnerability found late last year in the open-source Apache Log4j software, and so is the US Senate.\u201cOpen source is not the problem,\u201d stated Dr. Trey Herr, director of the Cyber Statecraft Initiative with Atlantic Council think tank during a US Senate\u00a0Committee on Homeland Security &amp; Government Affairs hearing this week. \u201cSoftware supply-chain security issues have bedeviled the cyber-policy community for years.\u201dExperts have been predicting a long-term struggle to remedy the Log4j flaw and its impact. Security researchers at Cisco Talos for example stated that Log4j will be widely exploited moving forward, and users should patch affected products and implement mitigation solutions as soon as possible.To read this article in full, please click here READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":45218,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[738],"tags":[539,307],"class_list":["post-45217","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-networkworld","tag-cisco-systems","tag-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Log4j hearing: &#039;Open source is not the problem&#039; 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/log4j-hearing-open-source-is-not-the-problem\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Log4j hearing: &#039;Open source is not the problem&#039; 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/log4j-hearing-open-source-is-not-the-problem\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-09T19:10:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/images.idgesg.net\/images\/article\/2018\/08\/1_weakest-link_broken_rusted-chain_security-breach_hacked-100768643-large.jpg?auto=webp&amp;quality=85,70\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-hearing-open-source-is-not-the-problem\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-hearing-open-source-is-not-the-problem\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Log4j hearing: &#8216;Open source is not the problem&#8217;\",\"datePublished\":\"2022-02-09T19:10:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-hearing-open-source-is-not-the-problem\\\/\"},\"wordCount\":1008,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-hearing-open-source-is-not-the-problem\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/log4j-hearing-open-source-is-not-the-problem.jpg\",\"keywords\":[\"Cisco systems\",\"Security\"],\"articleSection\":[\"Networkworld\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-hearing-open-source-is-not-the-problem\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-hearing-open-source-is-not-the-problem\\\/\",\"name\":\"Log4j hearing: 'Open source is not the problem' 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-hearing-open-source-is-not-the-problem\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-hearing-open-source-is-not-the-problem\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/log4j-hearing-open-source-is-not-the-problem.jpg\",\"datePublished\":\"2022-02-09T19:10:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-hearing-open-source-is-not-the-problem\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-hearing-open-source-is-not-the-problem\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-hearing-open-source-is-not-the-problem\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/log4j-hearing-open-source-is-not-the-problem.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/log4j-hearing-open-source-is-not-the-problem.jpg\",\"width\":1200,\"height\":800},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-hearing-open-source-is-not-the-problem\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cisco systems\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/cisco-systems\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Log4j hearing: &#8216;Open source is not the problem&#8217;\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Log4j hearing: 'Open source is not the problem' 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/log4j-hearing-open-source-is-not-the-problem\/","og_locale":"en_US","og_type":"article","og_title":"Log4j hearing: 'Open source is not the problem' 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/log4j-hearing-open-source-is-not-the-problem\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-02-09T19:10:00+00:00","og_image":[{"url":"https:\/\/images.idgesg.net\/images\/article\/2018\/08\/1_weakest-link_broken_rusted-chain_security-breach_hacked-100768643-large.jpg?auto=webp&amp;quality=85,70","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/log4j-hearing-open-source-is-not-the-problem\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-hearing-open-source-is-not-the-problem\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Log4j hearing: &#8216;Open source is not the problem&#8217;","datePublished":"2022-02-09T19:10:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-hearing-open-source-is-not-the-problem\/"},"wordCount":1008,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-hearing-open-source-is-not-the-problem\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/02\/log4j-hearing-open-source-is-not-the-problem.jpg","keywords":["Cisco systems","Security"],"articleSection":["Networkworld"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/log4j-hearing-open-source-is-not-the-problem\/","url":"https:\/\/www.threatshub.org\/blog\/log4j-hearing-open-source-is-not-the-problem\/","name":"Log4j hearing: 'Open source is not the problem' 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-hearing-open-source-is-not-the-problem\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-hearing-open-source-is-not-the-problem\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/02\/log4j-hearing-open-source-is-not-the-problem.jpg","datePublished":"2022-02-09T19:10:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-hearing-open-source-is-not-the-problem\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/log4j-hearing-open-source-is-not-the-problem\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/log4j-hearing-open-source-is-not-the-problem\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/02\/log4j-hearing-open-source-is-not-the-problem.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/02\/log4j-hearing-open-source-is-not-the-problem.jpg","width":1200,"height":800},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/log4j-hearing-open-source-is-not-the-problem\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Cisco systems","item":"https:\/\/www.threatshub.org\/blog\/tag\/cisco-systems\/"},{"@type":"ListItem","position":3,"name":"Log4j hearing: &#8216;Open source is not the problem&#8217;"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45217","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=45217"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45217\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/45218"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=45217"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=45217"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=45217"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}