Finding good, and affordable, tooling to help track third party libraries, especially when they go EOL. Lot's a good options these days for vulnerability scanning, but often very hard to know when something is no longer maintained. Granted, you could look at patch times for vulns I guess, but yeah.