The cyber community’s scramble to address major vulnerabilities in the widely used code library Log4j is just the latest wake-up call about the security risks of the open-source software ecosystem — ...