In Part 4 of the Log4j retrospective series , I want to highlight the key takeaways. Many more lessons will be uncovered as the hunt to eradicate this vulnerability moves forward. However, there are already five fundamental takeaways. \r\n 1. The new norm \r\n Both the complexity of software and the rate at which end users demand new features continue to grow rapidly and without bounds. In order to satisfy the needs of end users in the time frames required, developers must rely on a rapidly growing set of available libraries, language ecosystems, and third-party infrastructure and services. As a result, larger and larger portions of the functionality of any piece of software is composed of components the developers themselves may never have touched or understood fully. \r\n In any software dependency graph, vulnerabilities are inherited from leaf nodes, or shared code and services, upward to the root node, or the product being programmed.…