
> seems like there's no solution

There is - don't depend on anybody else's software. It just means that software development will take longer and cost more.



But with the cost of rewriting everything that you are currently using through dozens of dependencies and third-party libs, you are going to go broke.

Unless you have a budget like the DOD, which has its own coding language I believe, you are ngmi.

Not to mention you would be introducing attack surfaces that won't have enough attention because it's only being used by your team.

At least with a widely used lib, vulnerabilities are caught, published (very important), and constantly raising vigilance. Here you would have to perform your own threat mitigation and have bounty programs.


This assumes that your own software is more secure.


For what it's worth, the log4j vulnerability was due to some obscure feature that nobody uses. Unlikely you'd even write such code.



