7. Steve Povolny
The world is talking about Log4j vulnerabilities as they continue to pose a complex and high-risk situation for companies. Exploitation attempts and testing were on the rise in December.
Steve Povolny is head of advanced threat research and principal engineer at McAfee Enterprise. He made waves this week for finding the silver lining regarding the Log4j attacks.
Povolny said that the good news is this vulnerability gained global attention and discussion within hours of public acknowledgement. It has received more attention and awareness than any bug he’s seen in at least the last five years.
Povolny also pointed out that the public’s attention should be focused on the forensics exercises and remediation that may continue on now-patched systems for months to come.
“Organizations need to understand that even if they have secured their infrastructure from exploitation against the log4shell vulnerability, it is highly possible and perhaps likely that many of these components were silently breached, and effectively hidden,” he said.
Edward Gately’s article outlines what the experts have to say about Log4j.