D1 · General

What is supply chain security?

Supply chain security addresses threats from vendors, software components, and hardware — any trusted third party that could be compromised to attack you.
SolarWinds: malicious code in Orion software update → 18,000+ organizations compromised. Log4Shell: one library used everywhere → global impact. Controls: SBOM, code signing verification, vendor risk assessments, SCA tools in CI/CD.