A large proportion of software development relies on open source frameworks and libraries. But vulnerabilities like Shellshock and Heartbleed has tarnished the reputation of open source code. In this interview, Patrick Carey of Black Duck explains how organisations can continue to benefit from the power and speed of implementation that open source code has to offer, while also ensuring their own safety. Through the careful of shared sources of vulnerability data - and especially by collaborating in open source development - developers can use open source libraries and frameworks to the full without unnecessarily exposing themselves to danger.