About a week ago, we posted a blog detailing the Apache Log4j vulnerability and the necessity of contacting your software and website vendors regarding what, if anything, has been or needs to be done regarding this issue.
If you still have not contacted your vendors, an example email for remediation can be seen below. Bolded and [bracketed] text are examples and should be filled in with the relevant information prior to sending:
Subject: [Service Provided (Ex. Web Hosting & Development)] “Log4j” Vulnerability
Dear [Vendor Name]:
Please provide on company letterhead a response to your security posture regarding the log4j vulnerability. We need to understand what you have identified as an issue, have remediated, or have determined as non-impact due to this vulnerability.
Regarding the log4j vulnerability, please review the following for each service:
SERVICE: [Service Provided] VULNERABLE (Y/N): ____ DATE OF REMEDIATION: _________
Please state the key contact for managing information and cybersecurity incidents.
Please reply to this in query within 5 business days.
For more information, check out our 8 questions to ask your vendors about Log4j here:
Need an estimate? Request a quote below!