Since President Biden issued an Executive Order on Cybersecurity (EO 14028) in May, the topic of securing software supply chains has grown in prominence and drawn more public scrutiny.
Nearly all software is created from a vast ecosystem of open source and third-party components, each of which represents one supplier in the supply chain for that application. The software supply chain for most applications operates at a level of complexity that rivals that of any manufacturing supply chain. In fact, the 2022 Synopsys Open Source Security and Risk Analysis (OSSRA) report shows an average of over 500 suppliers in a typical commercial…