The industry has spoken, and there are some concerns about governance we need to address.
The Deloitte Global IT Asset Management (ITAM) Survey 2025 uncovered this important insight: “preparedness around open-source software remains a blind spot. Only 17% of respondents have a dedicated Open-Source Program Office (OSPO) or equivalent framework. Just 7% align this function to recognised standards such as ISO/IEC 5230 and 18974, while the remaining 10% operate without reference to any formal framework.”
See page 15 and 16:
https://hubs.la/Q03TS8PJ0
Clearly, while we have collectively made significant progress around building a more trusted supply chain, there is a long distance to go.
You can be part of the solution by contributing to the OpenChain community as we address process management for open source license compliance, security assurance, SBOM quality and – most recently – AI system bill of material compliance. Learn more here:
https://hubs.la/Q03TS8hm0
