You make it sound like this is a common problem in open source projects, like they are trying to cover up existing issues, or claiming they are fixing security issues when they are actually ignoring them. Do you think this is the case? Can you name a few projects where you noticed this?