There's a new article showing up just today at HN detailing more issues securing supply lines (for libraries and much more) re software; it's a deep problem, not a non-existant problem. But it doesn't have to be malicious actors at work. SpaceX lost a rocket because a supplier's product wasn't built to spec. SpaceX makes that part themselves now, and highly favors vertical integration, which just means making your own sh*t. Just maintaining documentation is a bear. There's another article on HN today detailing an Air Astana near crash because of "improvement" maintenance changes (with poor documentaion) that went very badly wrong.