# Software Supply Chain Security - Why there is so much interest about it? - _Solarwinds_, Russian intelligent services implanted malware into it. - Vulnerabilities in `log4shell` - Strengths of this perspective - Matches the zeitgeist of high-profile attacks. - Does reflect a growing trend of using 3-rd party code. - Venture capitalists see this perspective. - Limits of this perspective - Attacks did start over 20 years ago - [[owasp|OWASP Top 10]] has contained "outdated components" for a long time. - How significant is this risk?