by sophacles 1365 days ago
The point was that people thought "Oh surely log4j was vetted by the big companies that depend on it - I mean it must be OK if AcmeCorp uses it!". (or openssl, or sendmail, or ...). That's not too different from "Oh look at all these big tech companies using it, they must have vetted the telemetry".

Maybe a little extra caution is warranted.