The Point Is Addressing

Communications of the ACM 

OSS Supply-Chain Security: What Will It Take?