Why should someone care about open source security?