Explore the critical issue of unaccounted risks in external software dependencies through this insightful 17-minute keynote address by Paul Vixie, VP/Distinguished Engineer at AWS Security. Delve into the implications of the May 2022 Nozomi Networks security advisory, which exposed an unpatched DNS bug affecting numerous IoT vendors. Gain valuable perspectives from Vixie, the original author and eventual patcher of these bugs, as he examines how this advisory exemplifies a broader cultural norm in today's software community. Learn why allowing external dependencies to present unaccounted risks is a prevalent practice and discover alternative approaches to mitigate these challenges. Engage in a thought-provoking discussion on revisiting the total cost of ownership for external dependencies and explore strategies to enhance software security and reliability.