OPEN SOURCE SUPPLY CHAIN SECURITY (AND WHY YOU SHOULD CARE)
OVERVIEW
AFFECTING OPEN SOURCE ECOSYSTEMS
UNAUTHORIZED CHANGES
COMPROMISED SOURCE REPO
BUILD FROM MODIFIED SOURCE
COMPROMISED BUILD PROCESS
USE COMPROMISED DEPENDENCY
UPLOAD MODIFIED PACKAGE
COMPROMISE PACKAGE REPO
USE COMPROMISED PACKAGE
WHAT QUESTIONS MIGHT WE WANT TO ANSWER?
TERMINOLOGY
SIGSTORE
SLSA EXPLAINED
SLSA 1.0
EVALUATING RISKS
TRANSITIVE DEPENDENCIES
WHAT'S THE LATEST AND GREATEST?
SUPPORT OPEN SOURCE
Description:
Explore the critical importance of open source supply chain security in this PyCon US talk. Delve into the nature of supply chain attacks, their impact on open source ecosystems, and common intrusion points. Learn essential concepts and terminology in supply chain security, discover open source projects and frameworks for protecting software integrity, and gain insights on evaluating the security practices of dependencies. Understand the mechanics of supply chain attacks, their detection challenges, and acquire actionable solutions to prepare for future threats. Examine unauthorized changes, compromised repositories, modified builds, and package vulnerabilities. Investigate risk evaluation methods, transitive dependencies, and the latest developments in the field. Conclude with a call to support open source initiatives for a more secure software ecosystem.
Why You Should Care About Open Source Supply Chain Security