Big thanks to all the team at Qlik for committing so much resource to keep us all safe with this globally reported exploitation. This week we saw what happens when mistakes (polite term) happen and we find ourselves exposed to the Log4j exploit.
I should point out that this incident was not associated with Qlik. It demonstrates how real the threat is.
Going forward we need, please, an improved method of communicating this type of threat. These threats are high severity and high impact, with potential for commercial consequences, and are part of the world that we live in. Perhaps Qlik should keep CISO/CDO contacts listed for emergencies on contracts?
Earlier this year Qlik quietly encouraged all its customers to plan an upgrade of Qlik Sense and NPrinting to a release that has a compliant (supported) version of PostgreSQL.
Please note, to achieve compliance this is not a standard (upgrade); in fact, it requires a reinstall with some additional steps. Not all customers have done this yet. I urge you to plan this ASAP with your trusted advisor/partner to reduce risk and maintain a healthy cyber posture relating to your Qlik footprint.
Big thanks again to the Qlik dev/engineering team for their great work in keeping us safe.
Idea: To add a Cyber Security contact field to SaaS and all products as appropriate.