Dirk Riehle's Industry and Research Publications

The success of log4j

log4j (2) demonstrates the tremendous success of the open source development model (and not the opposite, as some might believe because of the recent vulnerability).

A huge number of companies use log4j in their products. What else spells success better?

However, what those companies failed to do is to properly manage their risk, here the dependency on open source. That’s on the companies, and not on the open source model, which works just fine, thank you.

Bugs happen, and exploits also. Sooner rather than later, there will be other bugs and exploits, in open source packages and (increasingly less so) closed software. The problem and the risks won’t go away.

What counts is how companies manage this risk. Maybe the log4j vulnerability could have been avoided if companies had pooled money and funded its development better. Or maybe not. This again is not a problem with open source, but with the companies not managing their dependencies right.

Newsletter subscription


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.


Share the joy

Share on LinkedIn

Share by email

Share on X (Twitter)

Share on WhatsApp

Featured startups

QDAcity makes collaborative qualitative data analysis fun and easy.
EDITIVE makes document collaboration more effective.

Featured projects

Making free and open data easy, safe, and reliable to use
Bringing business intelligence to engineering management
Making open source in products easy, safe, and fun to use