Statement from metricstream about log4j.
"Log4Shell has been a brutal lesson that any vulnerability can and will be exploited without the most robust risk management system in place"
So your robust risk management system detected log4j vulnerability much before? don't say it's doesn't work for your company.