Author: Cloudsmith Team
Language: English

Summary

The Linux Foundation hosted a webinar on securing software supply chains, moderated by Cloudsmith. The key points were as follows.

A software supply chain includes every component that contributes to a product: source code, dependencies, and the users who produce and consume it. It is often compared to the manufacturing industry's Bill of Materials, but unlike manufacturing, the software industry has no regulatory controls for provenance and traceability. Recent incidents such as the SolarWinds compromise and the dependency confusion attack have shown why the supply chain itself, not just the finished product, needs securing.

Organizations find this hard for two reasons: open-source software is foundational to modern development, and security best practices are difficult to make easy to adopt. A secure software supply chain rests on several groups of practices: preparing the organization, protecting the software, producing well-secured software, and responding to vulnerabilities (the four practice groups of NIST's Secure Software Development Framework). Projects like SLSA and Sigstore help organizations understand what makes a supply chain secure and offer guidance on getting started: SLSA defines graded requirements for build and provenance integrity, and Sigstore provides tooling for signing and verifying artifacts.

Cloudsmith and Chainguard are working to make this easy with tools and solutions that promote continuous packaging, provenance, isolation, and transparency. Securing the software supply chain matters to the software industry as a whole, and organizations should adopt secure software development practices so that their customers can trust, and verify, the security of their providers' supply chains.
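To make "trust and verify" concrete, the following is an added example (not code from the webinar, Cloudsmith or Chainguard) of the consumer-side check that SLSA-style provenance enables: it confirms that an in-toto Statement carrying a SLSA provenance predicate actually describes the artifact that was downloaded, that the builder named in it is one the consumer trusts, and that the build's source inputs are pinned to immutable digests. The artifact bytes, statement contents, builder URI and commit digest are all constructed for the example; signature verification of the statement itself (for instance with Sigstore) is assumed to have happened before this step and is not shown.

```python
"""
Added example, not from the webinar or the vendors it mentions: a
consumer-side SLSA-style provenance check. Field names follow the in-toto
Statement v1 and SLSA provenance v1 layouts; every value is constructed.
"""
import hashlib

STATEMENT_TYPE = "https://in-toto.io/Statement/v1"
SLSA_PREDICATE = "https://slsa.dev/provenance/v1"

# Constructed artifact standing in for a downloaded package.
ARTIFACT_NAME = "example-app-1.2.3.tar.gz"
ARTIFACT_BYTES = b"constructed tarball contents for the example\n"

# Builders this consumer accepts provenance from (hypothetical URI).
TRUSTED_BUILDERS = {"https://ci.example.com/builders/release"}
EXAMPLE_COMMIT = "a" * 40  # constructed stand-in for a git commit digest


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_statement(artifact_name, artifact_bytes, builder_id, dep_digest):
    """Construct an in-toto Statement with a SLSA v1 provenance predicate.
    The layout follows the published formats; the values are illustrative."""
    dependency = {"uri": "git+https://github.com/example/app"}
    if dep_digest is not None:
        dependency["digest"] = {"gitCommit": dep_digest}
    return {
        "_type": STATEMENT_TYPE,
        "subject": [{"name": artifact_name,
                     "digest": {"sha256": sha256_hex(artifact_bytes)}}],
        "predicateType": SLSA_PREDICATE,
        "predicate": {
            "buildDefinition": {"resolvedDependencies": [dependency]},
            "runDetails": {"builder": {"id": builder_id}},
        },
    }


def verify_provenance(statement, artifact_name, artifact_bytes, trusted_builders):
    """Return a list of failure reasons; an empty list means the artifact is accepted."""
    failures = []
    if statement.get("_type") != STATEMENT_TYPE:
        failures.append("unexpected statement type")
    if statement.get("predicateType") != SLSA_PREDICATE:
        failures.append("unexpected predicate type")

    # 1. The statement must be about this exact artifact: name and digest.
    actual = sha256_hex(artifact_bytes)
    if not any(s.get("name") == artifact_name
               and s.get("digest", {}).get("sha256") == actual
               for s in statement.get("subject", [])):
        failures.append("subject digest does not match downloaded artifact")

    predicate = statement.get("predicate", {})
    # 2. Provenance is only as trustworthy as the builder that produced it.
    builder = predicate.get("runDetails", {}).get("builder", {}).get("id")
    if builder not in trusted_builders:
        failures.append(f"untrusted builder: {builder!r}")

    # 3. Source inputs must be pinned to immutable digests, not mutable refs.
    for dep in predicate.get("buildDefinition", {}).get("resolvedDependencies", []):
        if not dep.get("digest"):
            failures.append(f"unpinned dependency: {dep.get('uri')}")
    return failures


def run_scenarios():
    """Exercise the check on a good statement and three failure modes."""
    good_builder = "https://ci.example.com/builders/release"
    good = make_statement(ARTIFACT_NAME, ARTIFACT_BYTES, good_builder, EXAMPLE_COMMIT)
    return {
        "valid": verify_provenance(good, ARTIFACT_NAME, ARTIFACT_BYTES, TRUSTED_BUILDERS),
        # Artifact swapped after the build: the subject digest no longer matches.
        "tampered_artifact": verify_provenance(
            good, ARTIFACT_NAME, ARTIFACT_BYTES + b"x", TRUSTED_BUILDERS),
        # Provenance produced by a builder the consumer has not trusted.
        "untrusted_builder": verify_provenance(
            make_statement(ARTIFACT_NAME, ARTIFACT_BYTES,
                           "https://laptop.example/self-hosted", EXAMPLE_COMMIT),
            ARTIFACT_NAME, ARTIFACT_BYTES, TRUSTED_BUILDERS),
        # Source referenced without a digest: the build is not traceable.
        "unpinned_source": verify_provenance(
            make_statement(ARTIFACT_NAME, ARTIFACT_BYTES, good_builder, None),
            ARTIFACT_NAME, ARTIFACT_BYTES, TRUSTED_BUILDERS),
    }


if __name__ == "__main__":
    for name, failures in run_scenarios().items():
        print(f"{name}: {'accepted' if not failures else failures}")
```

The three failure modes map onto the points the webinar raised: a digest mismatch is the tampered-artifact case behind SolarWinds-style concerns, an untrusted builder is provenance without a trustworthy origin, and an unpinned source input is the traceability gap the Bill of Materials comparison highlights. In practice the statement would first be signature-checked against the builder's identity before any of these fields are believed.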