Comment by pjmlp

So Microsoft 365, Windows, and Azure most likely.

I bet they haven't thought about Typescript, VSCode, Github, Linkedin, .NET, npm/node, or the contributions done to Linux kernel, Rust and Python that probably would also require security reviews.

Also most of the key contributors to FOSS alternatives are sponsored by US companies as well.

Which is the problem this ongoing geopolitics crysis. Decision makers only think about the superficial parts and not the whole extent of the dependency problem.