So far, nobody. Not the open source developers, who responded fast and professionally, and not the companies who handled the risk within a day or two.
Eventually, however, we will have to blame (or complain) about those companies who got cracked because they did not remove the vulnerability in time.
Continue reading “Who to Blame for the log4j Vulnerability?”