A year ago, the Solarwind hacks revealed the vulnerabilities that exist in global software supply chains. Last weekend, the Apache Log4j vulnerability exploit was discovered, catching cyber security teams off-guard, and coming at a time when organisations are still struggling to protect the software supply chain from third-party risk.