Open source code is ubiquitous in modern software. While its convenience supports the demand for faster application development, it is also at risk of being insecure. In fact, more than 70% of open source libraries contain security flaws. The question is whether developers are aware of these flaws and, if so, are they doing anything about them?