Author: Hayley Denbraver
Word count: 1493
Language: English
Hacker News points: None

Summary

The discussion around open source security highlights the significant risk of depending on open source libraries, a risk that much of the market still underestimates. The vast majority of deployed code is not written in-house but consists of open source components, which makes those components a high-value target for attackers. The industry currently approaches this problem in three ways: some teams take security into account when selecting libraries, others invest in finding and fixing vulnerabilities on an ongoing basis, and others do not address the issue at all. DevSecOps means working together across disciplines toward the common goal of products that are both functional and secure: security professionals set policies, educate developers, and empower them to make security decisions themselves. The ultimate goal is to fix vulnerabilities, not merely find them, and to keep that momentum by reviewing each delta (newly added or updated dependencies) so that new issues are caught before they accumulate. Teams should first stop the bleeding by addressing the problems they already have, then put prevention and response in place for ongoing concerns, and finally continue to find and fix new issues as they appear.