In the last year and a half, one cybersecurity mess after another — the SolarWinds software supply chain attack, the log4j vulnerability, the injection of malicious code into npm packages — has made it clear that we must clean up our software supply chain. That is impossible to do with proprietary software, since its creators won't let you know what's inside a program. But with open-source programs, it can be done.
Source: LXer – Securing the open source ecosystem: SBOMs are no longer optional