Company:
Date Published:
Author: Tim Kadlec
Word count: 386
Language: English
Hacker News points: None

Summary

The 2017 State of Open Source Security Report gives an overview of the current state of open source security, highlighting vulnerability trends across packages and container images. The report draws on a survey of over 500 open source users and maintainers, on Snyk's internal data, and on information from Red Hat Linux and GitHub repositories. It finds that open source library vulnerabilities increased by 53.8% in 2016, that the median time from a vulnerability's creation to its disclosure is 2.5 years, and that a fix is then released in just 16 days. The report also shows that 79.5% of the sites tested run at least one client-side JavaScript library with a known security vulnerability, and that 77% of the sites tested have at least one publicly disclosed vulnerability. Overall, the report emphasizes the importance of securing open source and encourages all stakeholders to take steps to improve their security posture.