What changed in open source vulnerability response?

GitHub’s 2024 open source security recap says reviewed advisories dropped to a four-year low, malware advisories spiked hard, and more CVEs came straight from CNAs.

Yoshiii

The big shift looks less like fewer problems and more like triage changed, with effort moving from classic vuln review toward supply chain malware and faster CNA-issued CVEs, so raw advisory counts got weaker as a health signal.

BayMax