Feeling VEXed by software supply chain security? You’re not alone

Chainguard CEO explains how to secure code given crims know to poison it at the source
SCSW The vast majority of off-the-shelf software is composed of imported components, whether that's open source libraries or proprietary code. And that spells a security danger: if someone can subvert one of those components, they can infiltrate every installation of applications using those dependencies.…