Lessons from the Log4Shell incident

https://leaddev.com/software-quality/who-responsible-open-source-security