There is some consensus on how to handle security defects in software we write. We have lesser luck with managing vulnerabilities in 3rd party software we use. This edition outlines the challenges.