I don’t know where to start with the comment above. First, different code bases receive different levels of scrutiny, so factor this in. Second, there are tools that can help with supply chain security. Third, security isn’t all or nothing; we can and do make decisions under uncertainty. Fourth, who is accountable when things go badly?