
What the 2026 State of the Software Supply Chain Report Reveals About Regulation


“As society becomes more dependent on digital products, customers expect us to do better. Regulation helps enforce the standards society now depends on.”

Ilkka Turunen

Sonatype Field CTO


In our recent webinar, The State of Global Software Regulation, Sonatype Field CTO Ilkka Turunen joined OSPO Technical Program Manager Eddie Knight to discuss the increasingly vital role regulation plays in modern software delivery. We’ve all watched as software has transitioned from a tool for innovation to the backbone of modern society. Just as we regulate water, electricity, and roads, governments are now treating software as critical infrastructure.

With the release of the 2026 State of the Software Supply Chain Report, we see a shift from an era of guidance to one of enforcement. With 2026 marking a major turning point for global compliance, engineering leaders must understand not just what is changing but how to adapt their development pipelines to survive it.

The Regulatory Focus on Open Source

Open source software has become the central focus of regulatory scrutiny. This isn’t arbitrary; it is a reflection of modern development reality. Open source components now make up 80–90% of modern applications. It is the foundation of AI models, cloud platforms, and global financial systems.

Regulators have recognized that securing critical infrastructure is impossible without securing the open source supply chain that powers it, and this heightened scrutiny is driven by three converging pressures identified in the report: a malware explosion, with more than 1.2 million malicious packages blocked, demonstrating how bad actors are actively weaponizing the supply chain; significant vulnerability blind spots, as 65% of new vulnerabilities lack severity scores, leaving security tools unable to properly assess risk; and growing AI instability, where the rapid acceleration of AI-driven development has led to roughly (Read more...)

*** This is a Security Bloggers Network syndicated blog from 2024 Sonatype Blog authored by Sonatype. Read the original post at: https://www.sonatype.com/blog/what-the-2026-state-of-the-software-supply-chain-report-reveals-about-regulation