The document summarizes challenges with software supply chain security following the Equifax breach. It notes that Equifax was breached through a vulnerability in the Apache Struts application that was not patched for over 5 months. Most modern applications consist of assembled third-party components, but only a small percentage of known vulnerabilities in open source components are quickly fixed. It then discusses the need to establish trusted software supply chains through technology and processes to verify the integrity and provenance of components. Ultimately, companies are responsible and potentially liable for securing their systems and data, even if vulnerabilities are introduced through third-party components.