Log4j Updated: How To Ask Your Provider For Remediation

About a week ago, we posted a blog detailing the Apache Log4j vulnerability and the necessity of contacting your software and website vendors regarding what, if anything, has been or needs to be done regarding this issue.

If you still have not contacted your vendors, an example email for remediation can be seen below. Bolded and [bracketed] text are examples and should be filled in with the relevant information prior to sending:

Subject: [Service Provided (Ex. Web Hosting & Development)] “Log4j” Vulnerability

Dear [Vendor Name]:

Please provide on company letterhead a response to your security posture regarding the log4j vulnerability.  We need to understand what you have identified as an issue, have remediated, or have determined as non-impact due to this vulnerability.

Regarding the log4j vulnerability, please review the following for each service:

                SERVICE: [Service Provided]  VULNERABLE (Y/N): ____   DATE OF REMEDIATION: _________

Please state the key contact for managing information and cybersecurity incidents.





Please reply to this in query within 5 business days.

For more information, check out our 8 questions to ask your vendors about Log4j here:

Need an estimate? Request a quote below!

0 comments on “Log4j Updated: How To Ask Your Provider For Remediation

Leave a Reply

Your email address will not be published. Required fields are marked *