Figure cited by Donarski at wroclove.rb 2023 from GitHub: roughly 17% of all bugs in open source are planted deliberately to exploit downstream users. There are no systemic incentives to hunt these down before material or data damage is done — a gap tea's 'tea taster' role is designed to close.