Attackers can create vulnerabilities in software before they are even deployed, by attacking their development environments. This talk will discuss some of these attacks, including malicious software developers, subverted supply chains/repositories, and the "trusting trust" attack. We will then discuss approaches for countering attacks, such as deterministic builds and diverse double-compiling.