We use Log4J mostly in our development environment, where we write new code; less so in our test environment, where we use our new code ourselves to make sure it works well (a philosophy known as “eating your own dogfood”); and only rarely on our production environment, which is where our users are.

That reflects the normal approach to debugging: you want to find problems well before they reach users.

And we are aware of the guidance from the United States Cybersecurity and Infrastructure Agency about a recently discovered critical vulnerability in the Log4J software. Naturally we acted promptly upon getting that news and updated our software on all our environments!