Explore the critical issue of software supply chain security in this 20-minute conference talk from USENIX Enigma 2021. Delve into an analysis of 115 software supply chain attacks and vulnerability disclosures from the past decade, highlighting their popularity, impact, and use by state actors like China and Russia. Gain insights into the implications for the technology industry and cybersecurity policymaking community, and learn about potential solutions including improved security practices, increased investment, and policy revisions. Understand the importance of raising the baseline of security behavior while countering high-impact attacks in this comprehensive examination of an underappreciated domain of national security policymaking.