- Many crucial open source projects rely on lesser-known open source components that are run by volunteers who have little time to fix problems, and no money to hire security auditors.
- For example, in 2014, security researchers revealed serious vulnerabilities in two crucial open source projects: OpenSSL and Bash.