Security failures in the software supply chain seem to be on the increase – at least they are definitely getting more attention. But what’s to be done about it, short of following advice to “be careful”? To answer that one, we need to dig deep. So, let’s sit back and start with a look at why the problem arises. Once we know that, the way forward should become clear.