The last two years have been filled with high-profile enterprise security incidents that shared a common origin: breach of a trusted software provider. In truth, supply chain attacks have played a key role in numerous targeted and opportunistic attacks - many of which flew under the radar - for years. This presentation examines the emergence of software supply chain compromises, the factors incentivizing attackers to adopt this approach, and practical approaches to risk mitigation and defense that enterprises can take in response.