Fifty Years of Open Source Software Supply-Chain Security cacm.acm.org/practice/…

The contours of the problems in software supply-chain security have not changed in half a century because they are fundamental. There are no easy answers in computer security; software supply-chain security is no exception. The best we can aim to do is keep improving our defenses, and many promising reinforcements are not yet universally deployed. This article aims to highlight promising approaches that should be more widely used as well as point out areas where more work is needed.