Over the last decade, software supply chain attacks have become increasingly more sophisticated—and more damaging.