We’re going to hear a lot about supply chains over the next few years. This is going to be the next big thing in security, and luckily, lots of smart people are already working on subsets of the problem. But there’s a few big problems with supply chain security generally that will make adoption and use of those solutions hard.
Interestingly we introduced this service post SolarWinds to allow independent build pipelines to exist in Escrow - https://insights.softwareresilience.nccgroup.com/binarybuildappraisal - very little real-world market interest beyond hyper mature companies.