In 2015, UN member states committed themselves to fostering software supply chain security. But the issue has since been neglected in international forums, even as software supply chain compromises have severely impacted individuals, companies and societies. To begin to close this implementation gap, diplomatic action should focus on global promotion of processes of coordinated vulnerability disclosure (CVD). This would both …