Security and development are still two different worlds, with open-source developers resistant to spending time finding and fixing vulnerabilities. Source