How are there not more software supply chain attacks than there seem to be ?

More and more devs are wising up and using tools like @feross's socket.dev

✨ Founder + CEO Socket (socket.dev) • 🌲 Stanford lecturer (cs253.stanford.edu) • ❤️ Open source at WebTorrent + StandardJS • 🧙‍♂️ Mad scientist

Husband, dada, devil’s advocate in crypto. Previously @rainbow

A lot of people with insider access know they don’t have good enough opsec to get away with it.

Speculating wildly, but I wouldn't be surprised if the prevalence of open source software at vital attack surface points reduces the potential attack surface. But I'm biased in that opinion 🤷