Lessons from the Log4Shell incident

https://zephrcf.leaddev.com/software-quality/who-responsible-open-source-security