![[article image]](https://cacm.acm.org/system/assets/0004/4270/111822_CACMpg43_CSRB.large.jpg?1668803194&1668803194 "XKCD illustration of a modern digital infrastructure")
Last July, the Cyber Safety Review Board (CSRB), established by President Biden in May 2021 to review significant cyber incidents and provide "advice, information, or recommendations for improving cybersecurity and incident response practices and policy," published its first report: "Review of the December 2021 Log4j Event" (https://bit.ly/3cTzXtn)
The Log4j logging utility has been integrated into millions of Apache systems. "A vulnerability in such a pervasive and ubiquitous piece of software has the ability to impact companies and organizations (including governments) all over the world," according to the CSRB report.