Security of the software supply chain has gained significant attention over the past year
"Two major cybersecurity attacks - SolarWinds and Kaseya - proved sharp reminders to reexamine every component of software development and deployment, including what they are and where they came from.
The first signs of major supply chain vulnerability actually showed up over four years ago when the malware wiper NotPetya was launched against Ukraine in 2017. NotPetya attackers, believed to be threat actors in the Russian military, allegedly injected malicious code into accounting software owned by a Ukrainian company. The result was an estimated $10 billion in damages that impacted organizations across Asia, Europe and the Americas..."