David A. Wheeler, the Linux Foundation's Director of Open Source Supply Chain Security, explained that in the Orion attack the malicious code was inserted into Orion by subverting the program's build environment. The build is the process in which a program is compiled from source code into the binary executable deployed by end users. In this case, the security company CrowdStrike worked out that the Sunspot malware watched the build server for build commands and silently replaced some of Orion's source code files with malware. By entering the program before it's even properly a program, this hack makes most conventional security advice useless. For example,