Post

Vendia's Response to CVE-2021-44228

A note on the impact to Vendia and our customers

James Gimourginas
Director of Solutions Architecture and Customer Success

Last updated: December 13, 2021

Vendia's Response to CVE-2021-44228

Vendia is aware of the recently disclosed security issue relating to the open-source Apache “Log4j2" library.

After an internal investigation by our engineering teams, we have determined that Vendia infrastructure and systems are not affected by this vulnerability. Vendia does not directly utilize Log4j2 in any of our software. As such, none of our applications require mitigation. Vendia does utilize third-party services from cloud providers. These cloud service providers - including AWS and Azure - are actively mitigating the vulnerability and are publishing their own updates as they become available.

Vendia prides itself on leveraging the best of serverless from across major cloud service providers. One of the benefits of this approach is minimizing our risk and impact from security issues like this one: as AWS and Azure make updates, our serverless architecture is updated automatically. With very capable teams addressing the security issue across cloud providers, we can continue focusing on building new features.

James Gimourginas
Director of Solutions Architecture and Customer Success

James leads as the Director of Solutions Architecture and Customer Success. He’s passionate about matching digital innovation with customer challenges to create novel, impactful solutions at scale. (He’s also an advocate for the perfect cup of tea.) Look for James in The New Stack and as a frequent guest in our Circles of Trust podcast.

Explore more with James Gimourginas