There are tools to manage the complexity of vetting external software. The best known of these is Artifactory, but there are others. But the security team will need resources to implement a full software lifecycle part management (similar to how manufacturing firms manage part validation). If the third-party components (open source or proprietary) will become part of a product (and not just build tools or testing/QA tools), the product managers will have to learn to manage a software bill-of-materials catalog of all the components they use, the versions, and the licenses. If management is not willing to allocate resources to these efforts, you will have a hard time moving forward.
In my experience this is not a simple process, especially if there is no existing culture of outsourcing software components. It requires a lot of convincing, and a feel for how the wind blows in your company. Can you find a high-level management patron who is willing to listen to the advantages of Open Source? Are there conferences for your industry where you can reach out to like-minded people and form a consortium for “Open Source in the … Industry”? Perhaps such an organization already exists. I was lucky to be in the right place at the right time to effect this change in a large bureaucratic manufacturing firm, and the end result was very satisfying. It took a multi-year effort though, so don’t give up quickly. There are many resources online about how Open Source is eating the software world that you could put on your company blog, and many speakers who would be willing to come give a talk about moving to using Open Source at your periodic company “external lecture” events.
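The bill-of-materials catalog mentioned in the first paragraph (components, versions, licenses) is concrete enough to automate the basic checks. The following is an added example, not code from the answer above or from any named tool: it reads a small, constructed CycloneDX-style SBOM fragment (hypothetical component names, not real packages) and flags the conditions a security team would typically want surfaced before a component ships in a product: a missing version, a missing license, a license outside an assumed allow-list, and the same component present at more than one version. The `ALLOWED_LICENSES` set is an assumption standing in for whatever policy legal and security agree on.

```python
import json
from collections import Counter

# Constructed CycloneDX-style SBOM fragment. Component names and versions
# are hypothetical sample data, not real packages.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "libalpha", "version": "2.1.0",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "libbeta", "version": "",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "libgamma", "version": "0.9.3",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
        {"type": "library", "name": "libdelta", "version": "1.0.0",
         "licenses": []},
        {"type": "library", "name": "libalpha", "version": "1.8.2",
         "licenses": [{"license": {"id": "MIT"}}]},
    ],
})

# Assumed organisational allow-list; replace with the policy your legal and
# security teams actually agree on.
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}


def component_licenses(comp):
    """Return the license identifiers declared on one SBOM component.

    CycloneDX allows either an SPDX 'id' or a free-form 'name'; both are
    accepted here so a non-SPDX declaration is not mistaken for 'no license'.
    """
    ids = []
    for entry in comp.get("licenses", []):
        lic = entry.get("license", {})
        ident = lic.get("id") or lic.get("name")
        if ident:
            ids.append(ident)
    return ids


def audit_sbom(sbom_text, allowed=ALLOWED_LICENSES):
    """Audit an SBOM (JSON text) and return a list of (finding, subject) tuples.

    Findings are returned in catalog order so the report is stable and easy
    to diff between builds.
    """
    sbom = json.loads(sbom_text)
    comps = sbom.get("components", [])
    findings = []
    for comp in comps:
        name = comp.get("name", "<unnamed>")
        # A component with no pinned version cannot be matched against
        # advisories or reproduced, so it fails the catalog check outright.
        if not comp.get("version"):
            findings.append(("missing-version", name))
        lics = component_licenses(comp)
        if not lics:
            findings.append(("missing-license", name))
        for lic in lics:
            if lic not in allowed:
                findings.append(("disallowed-license", f"{name}:{lic}"))
    # The same component at several versions usually means two consumers
    # pulled it in independently; it needs reconciling before release.
    counts = Counter(comp.get("name") for comp in comps)
    for name, n in counts.items():
        if n > 1:
            findings.append(("multiple-versions", name))
    return findings


if __name__ == "__main__":
    for kind, subject in audit_sbom(SAMPLE_SBOM):
        print(f"{kind:20s} {subject}")
```

Run stand-alone, the script prints one line per finding for the constructed catalog. In practice the SBOM would come from the build pipeline (most package managers and scanners can emit CycloneDX or SPDX JSON), and a non-empty finding list would fail the build or open a ticket for the product manager who owns that catalog.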