Its goal is to “enhance global open source software supply chain security by collaborating with project maintainers to systematically hunt for new, previously unknown vulnerabilities in open-source code” and then repair them. This is crucial for open-source security.
The security of the software supply chain has become critical. Weaknesses in the software supply chain underlie a number of high-profile incidents, including the SolarWinds compromise, the Log4Shell vulnerability in the widely used Log4j library, and the injection of malicious code into npm packages.