A new report has revealed the United States and Russia are the highest generators of open source projects and have the highest anonymous open source contributions as well. By assessing global software supply chains, the report reveals the origins of the deepest open source dependencies as well as their critical vulnerabilities. 

The report notes that globally, open source has flaws. Open source is involved in 2 to 9 times the code developers write, and more than 95% of vulnerabilities come from within open source package dependencies. 51% of these vulnerabilities have no known fixes. Furthermore, 70% of open source components are either insufficiently maintained or not maintained at all. 

Key findings from the report include: 

• 34% of open source contributions originate from the U.S.; 13% come from Russia 
• More than 15% open source components contain several versions within a single application, increasing the difficulty of remediation. 
• 20% of U.S. open source contributions are anonymous