Securing the Software Supply Chain: Industry-Standard Practices, Insights, and Getting Started