When I started working on computer security, organizations that worried about security were concerned about the security of software that they created themselves and shipped to their customers. Today, a lot has changed – many (most?) organizations that deliver software products or services rely a lot on components that other organizations or individuals have created. Many of these “third-party components” are open source software while some are commercially-licensed libraries or subsystems.
