"Is open source more secure?" is the wrong question. Also, who needs opinions when we have data... This session will provide new quantitative and qualitative analysis of the modern software supply chain. There's been a dramatic shift from writing code to assembling it, with open-source and third-party components providing the innovation and efficiency developers need. This dependence on components is growing faster than the ability to secure them. As with Heartbleed, Struts, and the like, shared components are increasingly shared risk. Worse, components are increasingly the preferred attack surface in today's applications. Growing dependence, coupled with poor security visibility, requires small but important adjustments to application development. Join us for fresh analysis and practical ways to minimize avoidable risk and rework.