Dr. Stephen Magill discusses the key findings from Sonatype’s 8th Annual State of the Software Supply Chain Report. Over the past year, Sonatype studied dependency update patterns for thousands of open source projects, analyzed hundreds of survey responses, and took a critical look at commonly-held beliefs about effectively managing security risk.