That’s my concern too. Rust has the same dependency concerns, which is how hackers get into code. VaultWarden has the same Rust dependency concern. Ironically we’re entering an age where C/C++ seems to have everything figured out from a dependency injection standpoint
Now all they need to figure out is how to actually make the C/C++ code that isn't from dependencies secure and they'll be all set