Supply chain security is a complex and difficult topic. The industry has started to focus more and more on it, and different approaches are beginning to materialize. Mainly, security is becoming part of the contract negotiation and part of the supplier's responsibilities. In some cases, certifications like ISO 27001 are requested, and the certificate must be delivered regularly. While this is a good thing, it is by far not enough.
One issue that a lot of companies tend to ignore when it comes to the supply chain is open source code libraries. Look at this article about a presentation by John Lambert: Virus Bulletin 2018: Microsoft’s Lambert on How Cloud is Changing Security. We all need to invest more in AI and ML to reduce the noise and better understand such types of attack. This is where the cloud and a platform like ours will really make the difference.