The survey saw its highest participation yet with 3,353 respondents. It was conducted between April 1st and April 30th, with 1,513 responses before the announcement of the Heartbleed bug on April 7th, and 1,839 after. The results revealed that most organizations are not well prepared for vulnerabilities like Heartbleed, as the majority do not have strong open source policies, do not actively monitor components for vulnerabilities, and do not track components in production applications. However, there are signs the industry may be reaching an "inflection point" and increasing focus on application security and governance of open source components.