A Hard Lesson in Open Source Vulnerability Management