The bull shitake from some security companies is out of control, and security awards are a farcical tool they are using to look credible. It needs to stop.
This article describes why supply chain security is about all of the upstream and downstream dependencies that modern applications rely on, not just open-source libraries.