Basically, supply chain attacks are increasingly becoming a problem, not really because the nature of software or software maintenance has changed (though it has), but because the cost model for sharing distributing software has changed to make it really cheap. So cheap that we automate the shit out of it even when it’s wasteful, because the automation is useful. And so now every few months we get a new supply chain attack where someone manages to break half the code in the world or something.