Securing Open Source Software

What happens when the world's codebases depend on the thankless and unpaid support of a dedicated few?

It is estimated that 75% of codebases contain open source, and 91% of these dependencies have had no development activity in the last two years. This means no updates or security fixes.

Should the maintainers of open source really be responsible for fixing security issues quickly? How can we properly incentivize them to do so?

Come share your thoughts and ideas in our unique open discussion format. Always a great chat with great people!

Reference:
(https://www.synopsys.com/blogs/software-security/open-source-trends-ossra-report/)