Security is proving to be a critical Achilles heal in open source SW. I find it hard to get project owners to be proactive.
Supply chain attacks against open source is getting worse
Backdoors snuck into 12 OSS packages were downloaded hundreds of thousands of times