Such escalating threats, which are exacerbated by being increasingly undetected by traditional security software, have not corresponded to improved security practices, with 95% of flawed OSS components still being downloaded during the past year despite the availability of more secure versions, according to a study from Sonatype.