This report includes insights and recommendations intended to help organi- zations and their security, risk, legal, and development teams better understand the open source security and license risk landscape as they strive to improve their application risk management processes.