There is no secure software supply-chain.
Years ago, entrepreneurs and innovators predicted that “software would eat the world”. To little surprise, year after year, the world has become more and more reliant on software solutions. Oftentimes, that software is (or indirectly depends on) some open source software, maintained by a group of people whose only affiliation to one another may be participation in that open source project’s community. But we’re in trouble. The security of open source software is under threat, and we’re running out of people to reliably maintain those projects....