roger.plowman - Tuesday, January 17, 2017 6:48 AM
Certainly there can be bloat here. Not much to do here, but patching helps.
I'm not sure I agree with avoiding third parties. While not every small library might be worth updating, plenty of popular ones are updated, and more importantly, they get additional screening and patches from the security standpoint over time. Managing that, and ensuring you have good security, is tough from an individual standpoint. There is no shortage of stories from people that assumed their code was secure, or well written, and it wasn't. Also, developing patches for your libraries can be harder than just applying patches from a well-known source. There's the time to develop, as well as the expertise to get the patch built.
That being said, I don't want to say buy everything instead of build it. You have to make choices, not be afraid to change if necessary, and do what's best for your organization.