Senior Technical Advisor
Institute for Security and Technology (IST)
The rapidly expanding use of open-source software is causing cybersecurity thought leaders to ponder how to more effectively reduce vulnerabilities across the entire software ecosystem. For instance, a recent report by the Institute for Security & Technology (IST) advocates for a shared responsibility model around open-source software security, as well as further support for software development frameworks, policies and licenses, and a more progressive approach to vulnerability management and mitigation. Other recommendations include vulnerability management measures that comply with existing risk assessment structures, more efficient patching, and better cooperation between public and private stakeholders. This session will take us through the key takeaways from IST’s report, from the perspective of one of its authors.