Across all industry sectors, open source software continues to pose a challenge for software security. Synopsys has released the latest edition of its annual report on open source security, available at https://www.synopsys.com/software-integrity/resources/analyst-reports/open-source-security-risk-analysis.html.
Synopsys publishes OSSRA findings every year to help the industry understand the open source security and license risk landscape.
Establishing software governance best practices can help you launch an open source software management program to protect your resources and data from zero-day vulnerabilities.
Ideally, your strategy should define acceptable sources for obtaining open source software and how to determine if a package is suitable.