- Security vulnerabilities are common in mid-sized software with over 100,000 lines of code and third-party libraries. Even small bugs can combine to cause major incidents if not addressed.
- External dependencies like frameworks and libraries can introduce vulnerabilities that affect a product. Thoroughly vetting all external code used is important for prevention.
- While developing new features is exciting, security issues are less appealing for developers to fix. However, prioritizing response, validation, and prevention is important, as vulnerabilities are difficult to address as a product and codebase grow. Having the right processes and trained staff, and prioritizing fixing issues, can help manage security risks over the long run.