Picture this: an auto manufacturer with no clue what parts are in its supply chain, where those parts come from and no ability to recall those parts if vulnerabilities are discovered.That’s not a reality consumers would accept. So why do organizations (and manufacturers!) tolerate it when it comes to software? On this week’s episode of Dev Interrupted, Brian Fox, co-founder & CTO, and Stephen Magill, VP of Product Innovation, join us to talk about Sonatype’s State of the Software Supply Chain Report. Listen as Brian and Stephen explain the ins and outs of open source risk management, how companies that aren’t open source maintainers can do a better job protecting themselves and why cybercrime is like “VC funds for the bad guys.” Show Notes8th Annual State of the Software Supply Chain Report Learn about the power of Continuous Merge with gitStream Join the Dev Interrupted Discord Want to try LinearB? Book a LinearB Demo and use the "Dev Interrupted Podcast" discount code.