Case Study: CAE achieves rapid Log4j remediation and continuous open-source security with Mend

CAE Uses Mend to Secure Applications from the Log4j Threat

CAE, a Montreal-based high-technology company with about 11,000 employees, 180 sites and more than 70 years of industry-firsts, relies on digital immersion solutions for civil aviation, defense and healthcare. As its use of open source grew, CAE became concerned about security liabilities; when the critical Log4j vulnerability (CVE-2021-44228, CVSS 10) was disclosed, the company needed to find and patch every instance immediately.

By using Mend’s Bolt/Teams integrated into their CI pipeline, CAE had continuous scans and a full inventory of open source components, which produced exact paths to vulnerable libraries. Mend’s reports let the DevSecOps team identify all Log4j instances in under an hour, quickly notify project owners, and remediate across the cloud estate—significantly reducing exposure—and provided management-ready graphical reports and prioritization rules to lower ongoing security debt.

CAE

Hugo Tessier

DevSecOps Specialist