75% of audited codebases contain open source components with at least one known vulnerability. A primary culprit: the use of out-of-date software that’s no longer maintained by the open source community. Many engineering teams are spread too thinly to think about maintaining the myriad open source parts. The more eyes on open source software, the better everyone is protected against potential security threats. To avoid these types of issues, organizations should dedicate 20% of engineering time to managing open source risks.
Source: https://www.darkreading.com/application-security/3-tips-for-securing-open-source-software

