The recent Log4J vulnerability opens up a scary question about web security approaches, if you aren’t using a Zero Trust approach then are you really practicing security?