Criminal hackers and security experts are locked in a race over the vulnerability in Log4j software. Patches are being released, but the danger from the vulnerability has not yet passed, the Washington Post reports. When the number of sites, services, and devices at risk are added up, experts say, this is the greatest software vulnerability ever—caused by "a design failure of catastrophic proportions," one said, per Wired. The hole in the Java software has existed for years but only recently became widely known. Here's where the problem stands: