> The duty to take reasonable steps to mitigate known software vulnerabilities implicates laws including, among others, the Federal Trade Commission Act and the Gramm Leach Bliley Act. It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm to consumers, and to avoid FTC legal action.

Or as the Washington Post[1] summarizes, "Companies that don’t quickly fix the bug could harm consumers and open themselves up to mammoth financial penalties, the Federal Trade Commission said."

[1] https://www.washingtonpost.com/politics/2022/01/05/dont-mess-with-texas-election-results/ -- about halfway down