The discovery of the Ripple20 vulnerabilities, affecting hundreds of millions of Internet of Things (IoT) devices, is the latest reminder of the dangers that third-party bugs pose to connected devices.

Although the estimated 31 billion IoT devices in the world perform a vast array of crucial functions — powering lifesaving medical tools, facilitating efficient transportation, and transforming critical business processes — these devices are alarmingly vulnerable to attack. In large part, that’s because OEMs rely on third-party vendors — like the Ohio software company at the center of the Ripple20 firestorm — that sell code riddled with potential entry points for malicious hackers.