I agree. The reflexive move is by a specific F50 that has the size, internal controls, headcount, and liability risk that they are taking such an approach.

Most other places will continue to use OSS, but much more locked down access to third party dependencies will be granted. I personally think it'll be a great time to be in the AppSec and SBOM validation space.