CHAPTER 12 Software Transparency Predictions

By now it should be clear that the topic of software transparency and efforts to bolster the security posture of the broader software supply chain are anything but fleeting. We are seeing a myriad of efforts across the public and private sectors worldwide in terms of regulations, tooling, technologies, and frameworks.

Because of the exponential increases in software supply chain attacks, including the landmark cases we have discussed, the emerging frameworks, and the growing maturity of the vulnerability database and scoring ecosystem, software supply chain security is an area experiencing tremendous attention and innovation.

In this chapter, we discuss emerging regulations, requirements, and potential solutions that could play a significant role in this innovation, and explore where we may be headed next.

Emerging Efforts, Regulations, and Requirements

On the emerging regulations and requirements front, it should be clear now that governments around the world are waking up to the criticality of software to their institutions, agencies, and overall societies. Software has become inextricably linked to nearly every aspect of modern society, woven into everything from simple daily leisure activities to even the most critical infrastructure and national security. Throughout this book, we have cited testimony from elected officials, defense leaders, and technology giants, emphasizing how important software is to modern society across ...
