Understanding your open source risk
Open source libraries can introduce vulnerabilities to your code

whitepaper

As the demand on software development teams increases, developers are increasingly relying on open source libraries, or pre-built pieces of code available online. As a result, software today is rarely completely made of first-party code, and is more often “assembled” from other sources.
But this introduces security threats, not from the open source libraries themselves, but from not knowing that what you're using contains vulnerabilities that may be exploitable in your application.
This whitepaper looks at the risks that open source presents, and what steps you can take to secure your code.