Securing the Software Supply Chain: Recommended Practices for Software Bill of Materials Consumption

by Office Of The Director Of National Intelligence – NSA – CISA CSCC

Cyberattacks are conducted via cyberspace and target an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment or infrastructure; or destroying the integrity of the data or stealing controlled information. Cyberattacks such as those executed against SolarWinds and its customers, and exploits that take advantage of vulnerabilities such as Log4j, highlight weaknesses within software supply chains, an issue which spans both commercial and open source software and impacts both private and Government enterprises. Accordingly, there is an increased need for software supply chain security awareness and cognizance regarding the potential for software supply chains to be weaponized by nation-state adversaries using similar tactics, techniques, and procedures (TTPs). In response, the White House released an Executive Order on Improving the Nation’s Cybersecurity (EO 14028) that established new requirements to secure the federal government’s software supply chain. The Enduring Security Framework (ESF), led by a collaborative partnership across private industry, academia and government, established the Software Supply Chain Working Panel, which released a three-part Recommended Practices Guide series to serve as a compendium of suggested practices to help ensure a more secure software supply chain for developers, suppliers, and customer stakeholders.
