Continuing worries about the Log4j software bug are consistent with my skepticism of open source software, Openness to Creative Destruction. You can find a brief discussion in the chapter defending patents.
(p. A6) WASHINGTON—A major cybersecurity bug detected last year in a widely used piece of software is an “endemic vulnerability” that could persist for more than a decade as an avenue for hackers to infiltrate computer networks, a U.S. government review has concluded.
. . .
“The Log4j event is not over,” the report said. “The board assesses that Log4j is an ‘endemic vulnerability’ and that vulnerable instances of Log4j will remain in systems for many years to come, perhaps a decade or longer. Significant risk remains.”
. . .
Security researchers uncovered last December a major flaw in Log4j, an open-source software logging tool. It is a widely used piece of free code that logs activity in computer networks and applications.
For the full story, see:
(Note: ellipses added.)
(Note: the online version of the story has the date July 14, 2022, and has the title “Major Cyber Bug in Log4j to Persist as ‘Endemic’ Risk for Years to Come, U.S. Board Finds.”)
My book, mentioned above, is:
Diamond, Arthur M., Jr. Openness to Creative Destruction: Sustaining Innovative Dynamism. New York: Oxford University Press, 2019.