S2E2: Cole Kennedy - Software Supply Chain Security, SBOM and Open Source

I was reading the CISA document "Defending Against Software Supply Chain" and was curious if the guidance within was helpful or informative for anyone who wants to start a S-SCRM program? What role do you feel compliance frameworks play in SCRM? We are seeing sources such as NIST 800-53 include SCRM specific controls now. Will it help?What would you say is the most resilient component an individual could add to their own organization to recover quickly in the event of a software supply c...