Regulatory Compliance
US DoD Zero Trust: Software Dimensions
Where the DoD Zero Trust Reference Architecture meets the software supply chain, and what program offices are actually doing about it.
Jul 25, 20247 min read
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Where the DoD Zero Trust Reference Architecture meets the software supply chain, and what program offices are actually doing about it.
Image signing in ECR has moved from nice-to-have to table stakes. Here is what it actually takes to run cosign and AWS Signer in production without breaking every deploy.
GDPR Article 32 and the EU Cyber Resilience Act look like separate regimes, but for any software handling personal data they converge at the component level. Here's where they overlap and where they diverge.
A hands-on tutorial for producing a CSAF-VEX document that tells your customers which CVEs actually affect your product and which do not.
The English-speaking social engineering crew behind MGM and Caesars keeps going after developers and help desks. Here's what I keep seeing.
How to extend SentinelOne's behavioral detection engine to cover build agents, package registries, and developer endpoints without drowning analysts in false positives.
The CrowdStrike outage wasn't just an EDR problem. It exposed fundamental weaknesses in how the entire industry handles software updates, from kernel drivers to SaaS platforms.
GraalVM native images change the supply chain story in ways that most SBOM tooling has not caught up with yet. Here is what gets baked in, what gets stripped out, and what still needs to be tracked.
On July 19, 2024, a faulty CrowdStrike Falcon sensor update caused 8.5 million Windows machines to blue-screen worldwide, grounding flights, halting hospitals, and exposing the fragility of centralized security infrastructure.
Weekly insights on software supply chain security, delivered to your inbox.