Explore the critical issue of security in third-party software procurement in this 39-minute LASCON conference talk. Delve into the complexities of ensuring security for Commercial Off-The-Shelf (COTS) and Free and Open Source Software (FOSS) in enterprise environments. Examine case studies of vulnerabilities discovered during penetration tests that led to company compromises. Learn how long-standing flaws in products can create potential back-doors into internal networks and data. Gain valuable advice and guidance on integrating security considerations into the enterprise product purchasing process. Cover topics including the current software security landscape, the challenges of diverse vendor security approaches, and the importance of threat modeling in procurement decisions.