The Log4j vulnerability how can we all do better next time?