Log4j was a crippling event for many organizations that struggled to understand whether and where they were even running the popular open source logging utility in their environments. But Log4j also forced the industry come to grips with the transitive nature of software supply chain exploits and just how easy it is for exploits to leap across software dependencies. It was not a fun way for security teams to end 2021.