The document discusses the results of a survey on open source software usage and security practices. Some key findings include: - Over half of organizations have an open source policy but only two-thirds follow the policies. Top challenges are lack of enforcement and unclear expectations. - Most organizations do not have meaningful controls over the components used in applications and many have an incomplete view of license risks. - Few organizations actively monitor components for vulnerability changes or maintain an inventory of components used in production applications. Responsibilities for security are often unclear. - Application security practices often lag development speeds, with security analysis rarely performed early in the process. Training availability and developer interest in security is limited.