Enterprises need to know what open source components are in their software at all times. If you don't have a software bill of materials, you're already behind.
OWASP A9 has been around for over 6 years now. These three R's help enterprise security teams manage their software supply chains: Reject, Replace, Respond.