1. How was the bug discovered?
By an alarm raised by the security team’s transaction monitoring system.
2. What is this vulnerability called?
3. Which function is vulnerable?
4. Why was the vulnerability present in several ERC20 tokens?
I guess the reason is: "The ERC20 token is a standard, so it felt safe to take someone else’s implementation (for example from OpenZeppelin or another similar source, or some ERC20 contract published by another well-known and respected company) and apply it to your token."
5. Why is “code is law” mentality problematic when it comes to fixing bugs?
The blockchain is immutable by design. So if the contract contains bugs, the only way is to create a new one and abandon the existing one (and abandon all the ether it holds, I guess).
Note: The upgradeable proxy contracts are out of scope for this lecture, I guess.
6. How did exchanges react to this vulnerability?
The price of the cryptocurrency (or fiat currency) might peak since the demand goes up as the owner of exploited tokens starts to sell them in order to make a profit.