The attack on Kaseya VSA servers that led to REvil ransomware deployments has affected nearly 1,500 companies so far.
Improving the security of the open source software supply chain will require better understanding of dependencies, and cooperation from developers and users.
The executive order makes widespread mandates addressing software supply-chain security and outdated security models.
An attacker was able to compromise the update mechanism for the Click Studios Passwordstate password manager and insert a malicious DLL that harvested victims' usernames and passwords.
The Codecov Bash Uploader tool, used widely in many development environments, was compromised in January, potentially causing serious downstream problems.