What the log4j incident taught us about Secure by Design - Daniel Deogun & Dan Bergh Johnsson