Log4Shell was not only an emergency vulnerability. It was a public test of whether governments, vendors, cloud providers, software suppliers, and customers could prove that a deeply embedded component had been found, fixed, mitigated, monitored, and kept from returning through dependency drift.