You may have heard the recent news around Log4j and its recently discovered JAVA-library vulnerability. As soon as we became aware of this vulnerability, we put together a team of our most senior EFS experts to assess the impact of it on our EFS platform. This team conducted a full review of all EFS modules and associated technologies, looking for any potential issues related to this vulnerability. We are pleased to confirm that any compromised components have been updated. Based on this extensive review, and the updates that have been implemented, we currently believe that our EFS software can be used safely.
We have increased the resources dedicated to reviewing the security of our EFS platform and continue to monitor the situation. Should any additional vulnerabilities be identified, we will take the necessary corrective actions to ensure the security of our EFS platform.
Many of our customers are using Tableau to visualise the results of their surveys. On 5th Jan 2022, Tableau provided information regarding mitigation measures that could be taken in relation to the recently identified Log4j vulnerability. We immediately implemented these measures which unfortunately led to approximately 2 hours of downtime for our Tableau services. We apologise to any customers negatively impacted by this downtime. The security of our software is of critical importance, and we felt it necessary to implement the recommendations immediately and therefore were not able to provide advance warning of this downtime. All services were resumed yesterday, and we anticipate no further downtime. We continue to monitor the platform and have not detected any anomalies that would indicate attempts to compromise our Tableau services.