Highlight from ActiveState_Unrestricted_Upgrades_ Cost_Effective_Technical_Debt_Management
The best example may be downloading prebuilt components from open source repositories despite the fact that:
• No details are provided about how the component was built, or from where its source code originated.
• Few organizations have a relationship with the authors of the open source components they use, requiring blind trust. Worse, most components include multiple dependencies, each of whose authors must also be blindly trusted.
• Precompiled binary components are difficult to scan, which makes it hard to ensure they haven't been compromised.
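The three gaps listed above (unknown build details and source origin, blindly trusted transitive dependencies, and binaries that cannot be checked) can be turned into an intake check that runs before a prebuilt component is accepted into a build. The following is an added illustration, not code from ActiveState or from the document quoted here; the component names, versions, dependency tree and artifact bytes are constructed for the example, and the manifest fields (pinned digest, source URL, build attestation flag) are assumptions about what a team would record, not a real package-manager format.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Component:
    """What a team should know about a prebuilt component before trusting it.
    Fields are assumptions for this example, not a real manifest format."""
    name: str
    version: str
    expected_sha256: Optional[str]   # digest pinned when the component was reviewed; None if never pinned
    source_url: Optional[str]        # where the source code originated; None if unknown
    build_attested: bool             # True only if someone recorded how the binary was built
    dependencies: List["Component"] = field(default_factory=list)  # transitive dependencies


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def audit_component(comp: Component, artifact: Optional[bytes], path: str = "") -> List[str]:
    """Return the list of trust gaps for a component and its whole dependency tree.

    An empty list means every node has a known source, a recorded build and a
    pinned digest, and the downloaded bytes (if supplied) match that digest.
    """
    label = f"{path}{comp.name}@{comp.version}"
    findings: List[str] = []
    if comp.source_url is None:
        findings.append(f"{label}: no record of where the source code originated")
    if not comp.build_attested:
        findings.append(f"{label}: no details about how the component was built")
    if comp.expected_sha256 is None:
        findings.append(f"{label}: no pinned digest, the binary cannot be checked against a known value")
    elif artifact is not None and sha256_hex(artifact) != comp.expected_sha256:
        findings.append(f"{label}: digest mismatch, downloaded binary differs from the reviewed build")
    # Each dependency's authors must be trusted as well, so the same rules apply
    # down the tree. Dependency bytes are not available here, so only metadata is checked.
    for dep in comp.dependencies:
        findings.extend(audit_component(dep, None, path=label + " -> "))
    return findings


# Constructed sample data: a reviewed top-level component that pulls in an
# unreviewed dependency nobody has a relationship with.
GOOD_ARTIFACT = b"constructed bytes standing in for a prebuilt binary, version 1.2.3"

UNREVIEWED_DEP = Component(
    name="tinyutil", version="0.4",
    expected_sha256=None, source_url=None, build_attested=False,
)

SAMPLE_COMPONENT = Component(
    name="fastjson", version="1.2.3",
    expected_sha256=sha256_hex(GOOD_ARTIFACT),
    source_url="https://example.invalid/fastjson",   # placeholder URL, constructed
    build_attested=True,
    dependencies=[UNREVIEWED_DEP],
)


def audit_as_downloaded() -> List[str]:
    """Audit with the artifact exactly as it was reviewed: only the dependency is flagged."""
    return audit_component(SAMPLE_COMPONENT, GOOD_ARTIFACT)


def audit_modified_download() -> List[str]:
    """Audit with a binary that differs from the reviewed one: the digest check fires too."""
    return audit_component(SAMPLE_COMPONENT, GOOD_ARTIFACT + b"\x00")


if __name__ == "__main__":
    for line in audit_modified_download():
        print(line)
```

The check is deliberately strict about transitive dependencies: a top-level component with a pinned digest and a recorded build still fails intake if anything beneath it has no known origin, which is the point the second bullet makes.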