South Korea's Cybersecurity Regulations and Software Supply Chain Requirements
South Korea is strengthening cybersecurity regulations with new supply chain security frameworks. Here's the landscape for software vendors.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
AnyDesk confirmed a breach of their production systems in late January 2024, forcing revocation of code signing certificates and a mandatory password reset for all users.
Cloudflare disclosed that a nation-state actor used credentials stolen from the October 2023 Okta breach to access their Atlassian systems. Their transparent post-mortem set a new standard.
How UEFI Secure Boot, shim, and Microsoft third-party UEFI CA connect to software supply chain risk in OS and firmware update pipelines.
Defense contractors face unique SBOM challenges. This guide covers CMMC alignment, DFARS clauses, and practical steps to meet DoD software supply chain requirements.
YAML looks innocent but its deserialization features have led to remote code execution in countless applications. Here is why and how to stay safe.
Vite and Turbopack represent the next generation of JavaScript build tools. Their architectures introduce new security considerations alongside their performance improvements.
Fintech startups face intense regulatory scrutiny from the start. SBOMs are not just good practice — they are becoming a regulatory expectation that investors and partners demand.
Russia's SVR-linked Midnight Blizzard sat inside Microsoft's corporate email for weeks. Here is what the January 2024 disclosure revealed about identity supply chains.