The Log4j flaw hasn't led to massive hacking attacks. But that doesn't mean the threat is over

An early analysis of Log4Shell suggests quick action by tech vendors and open-source software developers averted a crisis. But the bug will lurk in systems for years to come.