“Supply chain attacks are malicious updates that sneak into open source code used by many apps.” No!

This should be: Supply chain attacks are malicious updates that sneak into source code used by many apps.

Stop blaming FOSS. Too many people still have the perception that FOSS software is insecure.