Almost every developer is using OSS. 50-90% of the code found in commercial software packages is open source and 9 out of 10 IoT developers rely on it. Yet, the actual use of OSS is often unknown or unmanaged. This can result in license compliance issues and security vulnerabilities. Open Source is free to use, but not free of obligations Most organizations don’t know exactly which open source components they’re using and have difficulty producing an accurate Bill of Materials (BOM) for use of all OSS and 3rd party components in their products. Research from the Flexera Software Composition Analysis team shows that developers generally use 20 times more than they are aware of. This can lead to serious license compliance issues because many open source licenses come with obligations like passing along the text of the license, preserving copyright statements, providing attribution or making your proprietary source code available if you distribute your product.