The U.S. Federal Trade Commission called on all companies utilizing Java-based software Log4j to identify and remedy the program's reported vulnerabilities. The FTC warned the vulnerability is "being widely exploited by a growing set of attackers" and companies are obligated to take "reasonable steps to mitigate known software vulnerabilities" under various laws, including the FTC Act and the Gramm-Leach-Bliley Act. The commission added that it "intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure."
