The average open source vulnerability is 2.5 years old

A report found that 75% of commercial codebases have high-risk vulnerabilities in their open source components. This highlights the prevalent security risks associated with using open source software in commercial applications.