Today, most software products rely on thousands of prewritten
packages produced by vendors or drawn from open source libraries. The most
commonly used of these third-party software supply chain components are highly
prized targets for cyber criminals.