Enterprises need to practice governance of open-source software to regain control of their software supply chains.