To support MIT Technology Review journalism, please consider becoming a subscriber.
At the very least, you would expect the world’s largest corporations and governments to work with highly paid professionals to solve the problem quickly.
The truth is the opposite: Log4J, which has become increasingly popular online, was set up as a volunteer service and is still run for free, although millions and billions of companies rely on and benefit from it every day. Yazici and his team are trying to fix it for nothing.
This amazing feature is rooted in the world of open source software, software whose code everyone can view, modify, and use. It is a decades-old concept that has become increasingly complex in the use of the internet. When it goes right, open source is a success. When it does not, it can be very dangerous.
“Open-source runs the internet and, in addition, the economy,” says Filippo Valsorda, a Google developer. And yet, he explains, “it is very common even for large construction projects to have a small group of caregivers, or even one unpaid caregiver to do the job.”
There is no discernment
“The team is working all the time,” Yazici told me by email as soon as I started reaching him. “And 6 am to 4 am (no, no typo in time) the change is almost over.”
During his long days, Yazici took time to point a finger at critics, tweeting that “Log4j administrators have been actively working on mitigation measures; repair, doctors, CVEs, questionnaires, and much more. Yet nothing stops us from being ridiculed, because of unpaid work, because of something we all do not like and yet must keep in mind for the sake of backsliding.”
Before the Log4J threat made the anonymous but ubiquitous program a story, project manager Ralph Goers had three people who supported his work. Goers, who works on Log4J on a full-time basis, oversees repairing faulty faucets and extinguishing fires that cost millions of dollars. It is a very busy job that leaves little room for leisure time.
Lack of access to open source software is “a constant threat to the United States, to the most important things, to the bank, to earn money,” says Chris Wysopal, chief technology officer at security firm Veracode. “Open source systems are critical to the implementation of Linux, Windows, and web-based protocols. These are the biggest threats to the Internet.”