Did you know that 8.4% of open source Java library releases contain known vulnerabilities? This increases to 23% when you consider only the most popular and most used projects. Navigating this minefield to keep applications secure can be a challenge. During this talk, we'll share insights from our latest software supply chain research which characterizes this risk for various languages and offers guidance on how teams can: Choose components that help minimize their risks, adopt practices that help them quickly discover and remediate security issues and become more efficient and innovative developers.