The field of software supply chain security and incident response is rapidly evolving, with a growing focus on developing innovative solutions to combat increasingly sophisticated threats. Recent research has emphasized the importance of adopting a holistic approach to risk governance, taking into account both internal vulnerabilities and external threats. This includes the development of frameworks and tools to support adaptive threat detection, incident reporting, and vulnerability management. Notable advancements include the use of socio-technical models to inform threat detection, the creation of agnostic incident reporting frameworks, and the development of automated security risk detection methods using call graph analysis.

Noteworthy papers include:

- Everyone Needs AIR: An Agnostic Incident Reporting Framework for Cybersecurity in Operational Technology, which presents a novel framework for live OT incident reporting.
- Towards Socio-Technical Topology-Aware Adaptive Threat Detection in Software Supply Chains, which outlines a research vision for developing socio-technical models to support adaptive threat detection.
- Internal Vulnerabilities, External Threats: A Grounded Framework for Enterprise Open Source Risk Governance, which proposes a holistic risk governance framework for enterprise open source engagement.