Software supply chain attacks have increased an average of 742% per year over the last three years. While cyberattacks are nothing new, the intensity, volume, frequency, severity, and sophistication of malicious attacks have become a major issue plaguing organizations around the world. With modern applications made up of more than 90% open source components, organizations are increasingly at risk of cybercriminals capitalizing on weaknesses in upstream open source ecosystems to launch downstream attacks. The time, resources, and tools needed to recover from these attacks, especially in an all-hands situation like Log4j, cost organizations an exorbitant amount, with the added potential for shareholder lawsuits, loss of customers, and damage to brand reputation. Thanks to increasing federal requirements stemming from President Biden's Cybersecurity Executive Order and watershed moments like Log4j, SolarWinds, and the Equifax breach, greater emphasis has recently been placed on Software Bills of Materials (SBOMs) to help mitigate these issues. In fact, new legislation explicitly calls for federal agencies to collect SBOMs from all federal contractors. However, SBOMs alone are not the solution. Though certainly helpful in mitigating attacks and reducing the time to fix vulnerabilities, they are only part of the "how" of securing software supply chains. This session will provide attendees with actionable tools and data-backed methodologies that consumers and maintainers can use to secure their software supply chain, from everyday practices to long-term solutions for enterprises. If developers understand the development lifecycle and analyze the vendors and projects they bring in, they can more easily remediate malicious and vulnerable components and the attacks that target them.