Editor’s Note: Below is part two of a two-part series dedicated to understanding software supply chain attacks.