The use of open-source software (OSS) in the enterprise has seen continued growth in recent years, enabling rapid innovation and solution development. Unfortunately, as OSS use has increased, so too have software supply chain attacks. From Kaseya to Log4j, attacks have made headlines and made software supply chain security top-of-mind for developers, administrators, and business leaders alike. OSS security presents unique challenges that are not typically well-served by traditional IT management and security tools. In this session, we will discuss lessons learned from helping secure the open-source pipelines of organizations across several industries, including best practices and common pitfalls to avoid. Additionally, we will discuss the implications of recent regulatory changes related to software supply chain security, and what you can do to prepare for the future.