Only 16.8 percent of maintainers ranked their security expertise as high. Only one in six maintainers said they know next to nothing about security. Consumers and maintainers should consider contributing some of their expertise back to the OSS ecosystem, author says. The stats likely reflect the general state of security proficiency among developers, he says. It does, however, demonstrate that security savvy OSS consumers should seriously consider contributing to the ecosystem of free software to help maintainers gain some of this knowledge.”]
Source: https://www.csoonline.com/article/3239244/what-do-open-source-maintainers-know-about-security.html