Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
The Safeguard Portal lets you share SBOM data, vulnerability status, and compliance documentation with customers through a branded, self-service interface.
Andres Freund noticed SSH was 500ms slower than expected. That observation prevented the most dangerous supply chain attack in open source history from reaching stable Linux distributions.
PCI DSS 4.0 became mandatory on March 31, 2024, overhauling software security, SBOM visibility, and supply chain controls for every entity that touches cardholder data.
In March 2024, AT&T confirmed that a dataset containing personal information of approximately 73 million current and former customers, including encrypted passcodes, had been published on the dark web, three years after its initial appearance.
A multi-year social engineering campaign planted a backdoor in XZ Utils that would have compromised SSH on most Linux distributions. Technical deep dive into what happened.
Mixing public and private modules through a Go proxy is where most teams get their configuration wrong, and the mistakes range from leaked module names to accepted unverified code.
Ninja is a low-level build tool, not a package manager. That framing matters for understanding its supply chain properties and common misconceptions.
A practical look at building a Splunk content pack for software supply chain threats, with SPL searches for CI/CD anomalies, package registry abuse, and build provenance violations.
A practical playbook for protecting the supply chain of services running on Cloud Run: image provenance, Binary Authorization, runtime identity, and the gaps the default configuration leaves wide open.
Weekly insights on software supply chain security, delivered to your inbox.