GitHub’s annual Octoverse report finds the vast majority of projects use open source software. Vulnerabilities are expected to cause the majority of security alerts in the next year, the report says. Developers must anticipate the need to fix issues quickly and improve open source security, says GitHub’s Maya Kaczorowski. On average, a vulnerability goes undiscovered for 218 weeks, or more than four years, while it takes just over a month to fix the average vulnerability. The report highlights the success of GitHub’s Security Advisory service, which gives projects a place to post security advisories.

