At 2:51 p.m. on Nov. 24, members of an open-source software project received an alarming email. The contents threatened to undermine years of programming by a small group of volunteers and unleash massive cyberattacks across the globe.
“I want to report a security bug,” wrote Chen Zhaojun, an employee on Alibaba Group Holding Ltd.’s cloud-security team, adding “the vulnerability has a major impact.”
The message went on to describe how a hacker could take advantage of Log4j, a widely used software tool, to achieve what’s known as remote code execution, a hackers’ dream because they can remotely take over a computer.
The message ultimately set ...