Company:
Date Published:
Author: Ciara Carey
Word count: 2452
Language: English
Hacker News points: None

Summary

The US Government has responded to the Log4Shell vulnerability by convening government and private-sector stakeholders to discuss how to improve the security of open-source software. This includes efforts to increase automation, education, collaboration, and support for open-source maintainers. The Open Source Security Foundation (OpenSSF) is also playing a key role in improving OSS security through initiatives such as the Alpha-Omega Project and other projects that aim to provide visibility into the "ingredients" of software through Software Bills of Materials (SBOMs). To secure their own software pipelines, developers can use tools like Sigstore, integrate with SBOM formats, and bring packages into private repositories. Package management is also crucial to securing supply chains, and Cloudsmith is a hosted package management service that provides robust security features and policies to prove that its packages are trustworthy. Overall, the security of open-source software is a national security concern, and efforts to secure OSS are underway to address this threat.