Last week, DHS’s Cyber Safety Review Board’s (CSRB) released a report reviewing the U.S. government and industry’s response to the Log4j Vulnerabilities first discovered in December 2021. The report stresses the Log4j event is not over and contends it will remain an “endemic vulnerability and that vulnerable instances of Log4j will remain in systems for many years to come.” The study also concluded that defenders from across government and industry collaborated and communicated in a dedicated fashion to address the incident. Finally, the report offers four categories of recommendations for enhancing better security in software products and augmenting government and industry’s ability to respond to severe vulnerabilities going forward. Access the full report at DHS.