Over 96% of systems have at least one Open Source Software (OSS) component. Most organizations don’t even understand where they are using OSS, as software packages can be nested +10 layers deep. Despite the massive influence of OSS, many Cybersecurity professionals lack a solid understanding of what OSS is, how to determine where their organization is using OSS, and whether their OSS is secure. OSS changes hourly, thus vulnerabilities can rapidly change. Cybersecurity needs to separate OSS facts from fears.