Asking developers to stop using components would be like asking them to go back to typewriters, says author. Make sure your developers understand the risks in open source and third-party components. Security teams need to know what components their developers are using, and where they are using them. Local repositories ensure that only a single approved version of a component is used, rather than a myriad of different (and potentially vulnerable) versions. With the pace developers are now required to churn out code, asking developers to re-invent the wheel for every piece of functionality would be unfeasible and unrealistic.
Source: https://www.csoonline.com/article/3230555/is-secure-open-source-component-use-an-oxymoron.html