We surveyed over 650 developers, and collected data from the NVD, security advisories, peer-reviewed vulnerability databases, issue trackers and more, to gather the latest industry insights in open source vulnerability management.