Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
AI code generation tools are producing millions of lines of code daily. Here is a practical framework for auditing AI-generated code for security vulnerabilities and supply chain risks.
SBOMs locked in files are static inventory. SBOMs exposed through APIs become live infrastructure. Here's how to build the integration layer.
In January 2024, a threat actor used an insecure Trello API endpoint to scrape and correlate email addresses with Trello account data for over 15 million users, then posted the dataset on a hacking forum.
How Netflix manages security across hundreds of open-source projects and thousands of internal dependencies while maintaining the velocity that streaming demands.
Three audit tools, three philosophies, three blind spots. A ground-level comparison of how npm, pnpm, and yarn surface vulnerabilities, and where each one leaves you exposed.
Manufacturing OT systems depend on software supply chains that most security teams don't monitor. Here's how to extend supply chain security to the factory floor.
Securing React applications from XSS, dependency vulnerabilities, and common frontend attack patterns.
In January 2024, Microsoft disclosed that the Russian state-sponsored group Midnight Blizzard had been reading emails of senior executives and security team members since November 2023, using a password spray attack against a legacy test account.
Russian state actors compromised Microsoft executive email accounts through a password spray attack on a legacy test tenant. The breach exposed how identity misconfigurations cascade.
Weekly insights on software supply chain security, delivered to your inbox.