Abstract
Almost all software products today incorporate open source software either directly or through software supply chains, but many companies are not properly governing their use of open source, incurring potential risks. Since 2016, I have been researching industry best practices and processes around open source governance, focusing on software supply chains. I have interviewed 20+ experts from industry-leading companies to derive their best practices. We are currently implementing some of these best practices at three companies that serve as case studies for our research. In this talk I will cover the results of our study and share some best practices with you.