Maria Loughlin of Veracode describes how to reduce risks through component inventories and developer training. She says developers need to keep code libraries current and use them to reduce risk. She also discusses how to mitigate the risk of developing software that could be compromised by security breaches. Loughlins: “Developers need to make sure they have the right tools available to protect themselves and the right people are aware of the risks associated with the software they are taking place with the right software.””]
Source: https://www.cuinfosecurity.com/open-source-components-managing-risks-a-11895