Software supply chain security (SSCS) is a necessary, albeit not widely understood, discipline. Because many enterprises don’t understand SSCS, it’s challenging for them to implement a comprehensive strategy for it. However, the risks to businesses stemming from the software supply chain are undeniable and continue to escalate. In this report, we define the practice of SSCS, explain its importance, outline the enterprise’s role in it, present a vision of what good looks like, and describe how to frame this complex topic to gain organizational buy-in.