Editor’s Note: Below is part one of a two-part series dedicated to understanding software supply chain attacks.