The 2017 NotPetya cyberattack exploited the software supply chain when malware was embedded in a routine update of the M.E. Docs software, an accounting software similar to Quicken, which is widely used in Ukraine. This past summer, Crowdstrikecustomers experienced problems when there was an error in a line of code. Although this was not a cyberattack, the impact of this error was widely felt, and both Crowdstrike and IT shops worked hard to provide a remedy as quickly as possible. These events highlight the importance of the software supply chain. On this episode of WMD, Dr. Tamara Schwartz talks with Paul Davis, Field CISO from JFrog, a software supply chain platform that brings together DevOps, DevSecOps, and MLOps to provide end-to-end visibility, security, and control for automating delivery of trusted releases. Paul explains the complexity of software development and the challenges of an open source software development ecosystem, highlighting how a capability like JFrog can bring peace of mind.