Ctrl Alt Defend

Ctrl Alt Defend Trailer Bonus Episode 2 Season 1

Securing the Software Supply Chain: Recommended Practices for Developers

This episode offers a guide to securing software supply chains, focusing on recommended practices for developers, suppliers, and customers, with detailed best practices for developers that emphasize secure coding, build environment hardening, third-party component verification, and vulnerability response. The episode stresses the importance of secure development lifecycle (SDLC) processes, threat modeling, and artifact creation for auditing and verification. We discuss relevant frameworks like NIST SP 800-218 (SSDF) and SLSA, providing a crosswalk between the guide's recommendations and these standards.

What is Ctrl Alt Defend?

Casual yet insightful conversations on the latest in cybersecurity and weekly updates on vulnerabilities and solutions.