Java logging library widely adopted across commercial, enterprise, and critical governmental systems. A severe security vulnerability — dubbed the biggest, most critical vulnerability of the last decade — came to light and exposed how little the industry understood open source: a handful of unpaid maintainers came under fire from multi-million-dollar companies while issuing a humble plea for patience and shipping the patch. Once patched, the case was forgotten and the maintainers received no lasting support.