Not so excited about the sudden explosion of "supply chain security startups" whose sales pitch seems to basically be that we can solve systemic problems with FOSS dependency security and funding by just Buying Their Specific Magical Product, rather than a commons-based solution.
Follow
Like, all the systemic industry-wide security issues weren't solved with More Capitalism the last 3 times people tried that either, and in the end it was always some frustrated unpaid random creature with an angry blog post who did the actual work, if it was ever solved at all
And if you don't have an answer to "how will the supply chain have been improved if my company folds tomorrow", then you're not rescuing the supply chain at all, you're just running a business