Log4J — Apache’s Java-based logging utility, has exposed once again the complexities of securing applications that use open-source code libraries. “SBOMs are a start but they are only a piece of the puzzle,” InformationWeek reports on the need for SBOM.