Company
Date Published
Author
Krzysztof Huszcza
Word count
2177
Language
English
Hacker News points
1

Summary

This summary provides an overview of the article "Reachable vulnerabilities: how to effectively prioritize open source security" from Snyk. The article discusses the problem of managing third-party dependencies and their associated vulnerabilities, particularly in large enterprise applications. It highlights the importance of identifying reachable vulnerabilities, that is, vulnerabilities that can actually be exploited by an attacker, as a way to prioritize which vulnerabilities to fix first. The article explains how Snyk combines expert security research with automated static analysis to identify reachable vulnerabilities. It then examines the challenges of building call graphs for modern programming languages, including dynamic dispatch, control flow statements, and other complexities. Finally, the article concludes that while the output of such analysis is an approximation of reality, it provides a useful starting point for developers trying to tackle their security problems.