Be that as it may, there is still plenty of room in there for an insider to have initiated or allowed this. Not saying it’s so, just saying if any investigation goes on, they would be remiss to assume it wasn’t.
Sure, forensics tells them how the data was accessed, but who allowed the fault to remain or become installed? Who was responsible to maintain it? Who coded it?
No, there is not. A major Struts project involves many programmers, and at the time they downloaded the flawed version, nobody knew about the flaw. If the flaw had been known, the version would not have been on the Apache site for download.
Struts is an open-source framework coded by volunteers worldwide. A vulnerability like this is a serious blow against open-source software, and a great embarrassment to the Apache project.