There has been an increasing awareness in the developer community, enterprises, and governments of software supply chain risks. Remediation efforts for vulnerabilities like Log4j and Spring4shell, and a 650% year-over-year increase in cyberattacks aimed at open source suppliers, have sharpened focus on the critical task of bolstering the security of open source software. Governments and regulators have taken notice and action, including the White House’s Executive Order 14028 on Improving the Na...