Over the last few years, terms like SBOM, VEX, SLSA, and GUAC have crept into our supply chain security discussions. While we all agree from the surface that knowing what is in our code is likely a good idea, for a lot of teams, this feels like another set of boxes to check when filing security compliance paperwork. But what is really going on here, and what is driving us into this acronym soup? In this session, we will explore multiple terms and the deeper questions of what they are trying to answer. You will walk away with a more holistic understanding of where we need to go as an industry to protect ourselves from the current and future waves of threats on the horizon. Before you throw another security tool at the problem or throw your hand up in despair, let's explore why better understanding these ideas means being able to better protect your organization.