1 article with this tag
Log4j's CVSS 10.0 bug. The real fear was the transitive dependency: being affected through a library you didn't know you used. A passive logging path became an attack vector. The lessons are SBOMs, machine monitoring, fast patching, and tracking the follow-up CVEs.