Comment by belorn

I suspect from a company perspective, it is all just different degree of relying on a supply chain. Any company that outsource production that goes directly to customers are relying on reputation and contracts, and the assumption that they can apologize to customers and change supplier when/if something goes wrong. I seem to hear that a common practice is to do random sampling in order to do quality control, but in terms of supply chain attacks it wouldn't do much good if the attacker is a state actor with the ability to create non-tampered version.