---

Open source vulnerabilities go undetected for over four years

For its annual State of the Octoverse report, GitHub has analyzed over 45,000 active code directories to provide insight into open source security (vulnerabilities) and developers??? practices regarding vulnerability reporting, alerting and remediation.

The Microsoft subsidiary found that security vulnerabilities often go undetected for more than four years before being disclosed.