Lessons from the Log4Shell incident

https://zporigin.leaddev.com/software-quality/who-responsible-open-source-security