Re: [opensource-wg] Open-source Software Risk Mitigation Practices survey