Open Source and Trust

Of late, two major incidents involving open source software have been in the news. The more serious involved a Java logging package called “log4j”; the other involved a pair of JavaScript packages, “colors.js” and “faker.js”. The incidents were very different, but there are some commonalities and some important distinctions in the lessons we should learn.