• What exactly happened?
  • How bad is this vulnerability, and how will we recover?
  • The secure software supply chain principles and technologies that would have helped, and how we can apply them in other contexts.