Software Supply Chain Security: Three Risks to Address ASAP