Suboptimal open-source consumption habits are the root cause of open-source risk, contrary to public discourse often linking security risk with open-source maintainers. Maintainers, on average, promptly address and resolve issues.
Source: Help Net Security