This document discusses the use of components with known vulnerabilities and provides recommendations and tools to address the issue. It begins with an overview of the OWASP Top 10 issue of using vulnerable components, with examples based on the Node.js decompress package and the Ruby on Rails rubyzip gem. It then recommends regularly scanning for vulnerabilities, subscribing to security bulletins, and keeping components up to date. Finally, it introduces several open-source tools for detecting vulnerable components, such as OWASP Dependency-Check and Dependency-Track, as well as standards for application security verification.