This only works for a handful of open source projects with corporate backing and the resources to fix these issues quickly.
For most OSS projects, the maintainers are either too overworked or just don't feel like fixing security issues.
> For most OSS projects, the maintainers are either too overworked or just don't feel like fixing security issues.
Surely you can't be serious about "most" (= a clear majority) OSS projects not fixing vulnerabilities in a reasonable time frame?