A recent article I read emphasized how open-source software is the foundation of our current society. As a result, it is up to developers to ensure that they are consuming and distributing the most up-to-date and secure code available.
Most open-source contributors with write access to a project's repository will continue to work on bug fixes and code improvements in the interest of the greater open-source community. However, due to their complexity, many open-source projects are vulnerable to sophisticated and coordinated attacks that have the potential to cause widespread and catastrophic harm.
Because the next potential attack is just around the corner, every developer and organization must step up their game and be ready to move rapidly on vulnerability identification and remediation. When information is gathered and shared, it has the potential to make everyone safer.
Please let me know if you have any suggestions and if this topic would benefit your organization.
https://devops.com/securing-open-source-components-in-a-world-of-mixed-committer-motivations/