Forecasting log4j worms
I've concluded the Log4J worm forecast. As far as I'm able to tell - there is no evidence of an obviously verifiable worm spreading in the wild using Log4J. I'm open to being corrected, but I've scored it as such in the meantime. Here's the writeup.
Forecasting log4j worms - Risk Measurement
Update: This forecast has been scored! 🎉 The outcome was No, and was a big error (~0.860) compared to our track record. Below is some of the insight before and during the forecasting window. This helps us understand our mindset at the time of forecasting. A lot of summarized retrospective can be pulled from this MalwareTech explanation. Additionally, we have since done some work bolstering our worm classification for future forecasting.
Lots to learn from in hindsight, but the discussion and process was still valuable.
Don't miss what's next. Subscribe to Risk Measurement: