Is open source getting riskier, security-wise?

news
Jul 16, 2008

Community vetting is one of the hallmarks of open source, to be certain.

But Savio Rodrigues wonders, “could it be that the shift towards single-vendor-driven open source is making open source riskier?”

He points to two uncovered vulnerabilities in the Spring Framework as examples, and explains that two of the key benefits of OSS are the ability to read and understand the code we use and that “many eyes scouring the code” makes the product more secure.

“Considering the millions of downloads of the Spring Framework, should we have expected someone to discover these security holes earlier? Or do developers use what the next guy/gal is using, trusting that ‘someone’ has done the due diligence?” Rodrigues asks in Is single vendor-driven open source a greater security risk?