https://techcrunch.com/2024/01/04/software-supply-chain-security-remains-a-challenge-for-most-enterprises/

Log4j, maybe more than any other recent security issue in recent years, thrust software supply chain security into the limelight, with even the White House weighing in. But even though virtually every technology executive is at least aware of the importance of creating a trustworthy and secure software supply chain, most continue to struggle with how to best implement a strategy around it.

The number of CVEs (Common Vulnerabilities and Exposures) continues to increase at a steady pace and there’s nary a container out there that doesn’t include at least some vulnerabilities. Some of those may be in libraries that aren’t even used when the container is in production, but they are vulnerabilities nevertheless.