Modern software projects cannot exist without open source software (OSS). It allows projects to grow rapidly and to earn the credibility and trust of their users. However, the wide adoption of OSS also brings serious security risks. Improper maintenance of OSS components may result in severe and costly security breaches, like the Equifax case, in which the company lost 100K credit card profiles. In this talk, we will give an overview of the current problems in managing the third-party components of software projects and of the ways to address them, and I will also present our methodology for identifying possible security issues that stem from OSS dependencies. The methodology has demonstrated its sustainability in use at SAP, a large international software development company.