As a fellow maintainer of an open source project, this is an intense and somewhat scary read. Thanks to @grobmeier.de for being so open to talking about what he experienced and @github.com for initiating their Secure Open Source Fund!
github.blog/open-source/...
Log4Shell proved that open source security isn't guaranteed and isn't just a code problem.