.NET Trimming Security Implications: What Gets Cut and Why It Matters
IL trimming reduces .NET application size but can silently remove security-relevant code paths. Here is what you need to watch for.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Architecture reviews catch security issues before code is written. Most organizations skip them or do them poorly. Here is a process that works.
Power utilities and energy companies must secure software supply chains while meeting NERC CIP requirements. Here's a practical approach.
A review of Endor Labs and its reachability-based approach to software composition analysis, examining how call graph analysis reduces vulnerability noise.
Flutter apps pull dozens of Dart packages from pub.dev. Most teams never audit them. Here is how to manage dependency security in the Flutter ecosystem without slowing down development.
CISA now requires software vendors selling to the US government to attest to secure development practices. Here's what the form demands and how to prepare.
CISA added 40+ CVEs to the Known Exploited Vulnerabilities catalog in Q1 2024. We break down the vendor mix, the edge-device bias, and what to prioritize.
.NET 8 quietly shipped several supply chain improvements worth knowing — NuGet audit, signed packages, SBOM tooling, and better source-link coverage.
A medium-severity Kubernetes vulnerability allowed pods to access secrets they should not have been able to mount, undermining RBAC-based secret isolation in multi-tenant clusters.