Open source maintainers face significant security challenges, and many lack the skills and knowledge needed to keep their projects secure. A majority of maintainers (63%) rate their security know-how as medium, while only 30% rate it as high; put another way, 70% acknowledge that they do not have strong security knowledge. Many maintainers do not conduct regular security audits, and one in four report never running an audit at all. Despite this, there is a positive trend toward repeated auditing. Maintainers most often learn of vulnerabilities through public channels or by personally reviewing their own code. The average time-to-fix for a vulnerability is around 2.5 years, which underlines the need for more proactive security measures. A responsible disclosure policy helps maintainers respond quickly to reported security issues and gives users a window of time to upgrade to fixed versions before details become public.