Open source software security vulnerabilities exist for over four years before detection

GitHub research suggests there is a need to reduce the time between bug detection and fixes.