Third-party libraries and open-source dependencies account for 66% of the most dangerous, longest-lived vulnerabilities.