Nearly half of applications (46%) contained an open source component with a high-risk vulnerability, and almost three-quarters of the known vulnerabilities were at least two years old, according ...