Did you know that 6.7% of open source Java library releases contain known vulnerabilities? And this increases to 24% when you consider only the most popular and most used projects. Navigating this minefield to keep applications secure can be a challenge. In this talk, we give a preview of our latest software supply chain research, which characterizes this risk for various languages and offers guidance for how teams can 1) choose components that help minimize their risks and 2) adopt practices that help them quickly discover and remediate security issues as they arise.