'Inherited' code flaws in software supply chains invite security risk

Sometimes a flaw's severity isn't known until the damage has been done.