Once an idealistic concept, software reuse is now a major success! Open source software, package managers, build systems all contribute to fueling large-scale reuse to develop robust applications. They are so successful that application binaries are now essentially composed of third-party code. This observation and a few high-profile attacks have let to the emergence of a new concept: the software supply chain.
This talk explores this new concept as well as the research opportunities that it opens, at the intersection of software engineering and software security. Code integrity and specialization, software composition analysis and reproducible builds are great challenges for suture software research.