Author: Mariah Gresham
Word count: 1033
Language: English

Summary

The Linux Foundation recently partnered with Snyk to produce a report on the state of security in open source software (OSS). The report, based on 550+ survey responses and 15 interviews, highlights the growing complexity of software supply chains and the need for better OSS security. Experts discuss the importance of producing software bills of materials (SBOMs) and implementing OSS security policies to manage risk and improve transparency. The report also reveals that 49% of organizations have no security policy addressing open source security, and that the time to fix vulnerabilities has increased from 49 days in 2018 to 110 days in 2021. Snyk's Director of Developer Relations notes that tools such as static application security testing (SAST) and software composition analysis (SCA) can help automate the detection and remediation of open source vulnerabilities, but that resourcing challenges remain a major issue.