Erlang/OTP’s journey toward CRA compliance
- Track: CRA in practice
- Room: UA2.114 (Baudoux)
- Day: Saturday
- Start: 15:55
- End: 16:20
Erlang/OTP is an open source programming language designed for the development of concurrent and distributed systems. Created 40 years ago and open sourced in 1998, Erlang is used by Ericsson, Cisco, WhatsApp, Discord, and Klarna for mission-critical applications and is loved by a broad community of open source developers. With the advent of the Cyber Resilience Act (CRA), the Erlang/OTP team, jointly with the Erlang Ecosystem Foundation (EEF), began to prepare the project to meet CRA requirements. In this presentation, Kiko will describe and dive into the various supply chain best practices implemented by the Erlang/OTP project: the creation of Source Software Bills of Materials (Source SBOMs), automated vulnerability scanning of dependencies using OSV, creation of OpenVEX statements, vulnerability handling in collaboration with the EEF as CNA, and contributions towards other open source projects [[1],[2],[3]] to improve the security posture of the ecosystem. Moreover, Kiko will provide insight into the lessons learned from implementing these measures in an open source project.
Speakers
- Kiko Fernandez-Reyes