Las Vegas 2022

Securing Upstream: Addressing the Systemic Issues in the Software Supply Chain that Led to Log4Shell

As the Cyber Safety Review Board found in its final report on the December 2021 Log4Shell vulnerability and the chaotic aftermath, there are several systemic issues with the way all software is written, distributed and consumed that remain a serious threat to securing the world's critical digital infrastructure. Open source software is a core part of the global software supply chain, and several efforts are underway in major open source communities to address these issues. Major companies, open source software maintainers, startup companies and government actors are working together on this. Brian will share his view of this landscape, show where those efforts are already bearing fruit, and demonstrate what you and your organization can (must!) do to participate in these efforts.

Brian Behlendorf

General Manager, Open Source Security Foundation