Security of open-source software again being scrutinized