Increased security vulnerabilities being reported
28 September 2018, 17:59:54

https://www.theregister.co.uk/2018/09/25/open_source_security/

Quote:
Derek Weeks, VP at Sonatype, said it was "discouraging" to see the percentage of vulnerable component downloads increasing whilst expressing sympathy for developers.

"Today, it is difficult for developers to know if they are downloading open source components with known vulnerabilities like Struts," Weeks told El Reg. "Free downloads of components take milliseconds and no information is actively passed to the developer during that effort about known vulnerabilities. It is the equivalent of shopping in a huge supermarket full of tasty products that have no food labels or expiration dates. Without data about component quality and security surfaced quickly to developers, they are effectively shopping blindfolded.