The number of commercial software projects composed of 50 percent or more of open source code has increased tenfold since 2011. Cybercriminals are quick to jump on any attack vector that exploits widespread vulnerabilities. The average age of a vulnerability in commercial software, Black Duck Software estimated, is roughly five years. It is difficult to avoid using products that contain vulnerable OSS code, so security teams have to audit every component of an application, which, in itself, could raise the overall cost of the product.