Extending the focus of application security to securing the software supply chain