Keeping up with the Dependencies

Nov 5, 2020


About

Open source libraries are great. Vulnerabilities that come along with them? Not so much. As a security team trying to implement a secure development lifecycle process, how do you solve this issue, not once but forever? This talk will cover the behind-the-scenes efforts that resulted in a tangible plan for dependency management, particularly for Python, Go and JavaScript, at Lyft. Further, we will walk through the challenges we faced along the way while implementing popular best practices at scale.

Talk outline:

1. Open source libraries: pros and cons
2. Variety of programming languages with their problematic dependency lifecycle
3. Securing the supply chain at scale with developer empathy
4. Sustaining a good dependency management process
5. Measuring success and failure

The audience will leave the talk with knowledge of the real challenges faced while implementing a dependency management program and an example of how to mitigate them.

About Loco Moco Security Conference

Inclusive product security conference that attracts builders and defenders from around the world.
