This document discusses application security in the age of open source software. Some key points: - Open source software is now a major component of commercial applications, with some having over 90% open source code. However, open source software can contain vulnerabilities. - There are over 34,000 known open source vulnerabilities discovered since 2000. Automated tools are missing many potential vulnerabilities. - It is difficult for organizations to control how open source enters their code bases and to keep track of vulnerabilities over time in the various open source components used. - Automating processes like inventory, mapping vulnerabilities, license compliance, and alerts can help organizations gain visibility and control over open source security risks.