Using Secure by Design as a guiding principle, we reason about what was the fundemental problem of the log4j incident "Log4Shell" that hit hard in december 2021. The vulnerability hit the IT world like a Lousianna Slugger, and similar will hit again. But the problem is not just the frameworks, but also how we design our applications. Even if a framework becomes vulnerable, the applications need not to be possible to exploit.

So, what do we do? We walk through a few designs and design principles and see what this incident can teach us about how systems should be designed.