I don't think it's so much how you (as an active developer) do it -- granted, having to redistribute your app every time any of (say) 10 bundled dependencies need an update is an inconvenience -- the biggest problem is when you have some old software (without vendor support) that is statically built with some overflow "built in" from an old version of a library.
Granted, at some point patches probably won't be backported, but it is convenient to be able to upgrade libssl, restart a few services and be done.
Of course, if you bought that software under GPL, you might be able to fix the issue yourself...