Securing the Third-Party Software Supply Chain