I’m happy that none of the vendors I work with have done anything so crass…yet. Whilst the Incident Response community is fighting fires, they really don’t need “we told you so” or “if only you’d used our magic bullet”…:
If you use log4J as an excuse to market your product, push shit like 'we would have detected this and stopped it before anyone else', or generally not add value other than PR, maybe have a rethink about this approach.
It doesn't help right now #log4j
— Daniel Cuthbert (@dcuthbert) December 13, 2021