COMMENTARY: Supply chain risk in the software pipeline has been a known problem for years, but it never got budget priority. Before exploitation, when entire classes of attack were just theoretical, risk stayed low. Getting ahead of potential future risks represents a "nice to have" for security teams in orgs where there’s tight funding, even for controls that are known to move the risk needle.[...
