The scale and efficiency of our global technology infrastructure are made possible through the standardization of key building blocks. These reusable building blocks, while useful for creating software at scale, also create dependencies and risks that are often not understood until they manifest as a security issue. For example, a vulnerability in a software building block that is integrated into numerous other software packages means that every organization that uses those packages is at risk. It also means that system owners may not know where vulnerable software lives within their environments. When such a vulnerability is also easy for a threat actor to exploit to obtain broad control over a compromised system, it can create a once-in-a-generation security event. This is what happened with the Log4j vulnerability that came to public attention in December 2021.