We know there will be more attacks like those on Solarwinds, Log4J, and Kaseya, and more compromises of open-source components like Apache Struts and OpenSSL. Software supply chain threats – both the malicious attackers and the accidents waiting to happen -- are now a fact of life.