As Marc Andreesen so aptly noted “Software is eating the world”. Our technology-driven world increasingly relies on third party code, open source libraries and shared repositories. We don’t fully appreciate just how interconnected we are, and how that translates into software code dependencies. It took an event like the SolarWinds Orion attack to rattle the bars on that cage, and wake us up to what’s been going on for some time. The reality is that software supply chain attacks aren’t new. They’ve been around for many years, and we’ve been watching that check engine light but not really addressing the issues. Recent attacks show how easy it is to create confusion and send malicious code undetected through automated channels to trusting recipients. SolarWinds delivered a hard truth to defenders: everyone is vulnerable when trust can be abused. Where is the weakest link in your software supply chains of trust?