The OSS Pledge: Adoption Tracking at Six Months
Six months after the OSS Pledge launch, adoption is climbing but uneven. Who signed, who followed through with funding, and what the pledge has actually shifted in open-source economics.
containerd runs most of Kubernetes today. Its defaults are reasonable, but reasonable is not hardened. Here is how to close the gaps.
Kotlin Multiplatform ships one codebase to JVM, iOS, Android, JS, and native targets. The supply chain surface expands in specific ways worth tracking.
When a critical dependency is compromised, your disaster recovery plan determines whether you recover in hours or weeks. Most DR plans do not cover this scenario.
Container scanners produce mountains of findings. A significant percentage are false positives. Here is how to measure and manage the noise.
Three years after the landmark cybersecurity executive order, SBOM adoption is growing but uneven, secure development attestation is rolling out, and the gap between policy and practice remains wide.
The Cloud Native Computing Foundation funds independent security audits for its projects. The findings reveal patterns that every cloud native adopter should understand.
In May 2024, Dell Technologies disclosed a breach exposing 49 million customer records after a threat actor exploited a partner portal API to scrape names, addresses, and purchase details, then attempted to sell the data online.
How Russia's SVR-linked APT29 quietly industrialized supply chain compromise from SolarWinds to TeamCity and JetBrains tooling.