"There is no secure software supply-chain."
If you're into #opensource then this might be an interesting take for you from John McBride at AWS.
https://onengineering.substack.com/p/there-is-no-secure-software-supply
"I do believe that open source software is entitled to a lifecycle — a beginning, a middle, and an end — and that no project is required to live on forever. That may not make everyone happy, but such is life."