The open source security landscape continues to expand, with over 40 million developers on platforms like GitHub. The majority of vulnerabilities are discovered in indirect dependencies, in ecosystems such as npm, Ruby, and Java. Despite this growth, new vulnerabilities have decreased by 20% across popular ecosystems. Cross-site scripting (XSS) remains a common issue, yet its impact is relatively low compared to less prevalent but highly impactful vulnerabilities like prototype pollution. Official container images contain significant numbers of known vulnerabilities, and using them is not a replacement for regular security hygiene practices. The remediation timeline for vulnerabilities often does not match the community's expectations: 47% of respondents expect fixes within a week, and nearly 18% expect fixes within a day. In reality, only 35% of vulnerabilities were fixed within 20 days, and 36% took 70 days or more to be remediated. The report highlights the importance of tracking metrics such as days to remediation, mean time to merge pull requests, and time to fix code, and encourages organizations to establish programs that reinforce shared responsibility for security practices.