Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
CVE-2023-51467 bypassed a previous patch for an authentication flaw in Apache OFBiz, granting unauthenticated access to ERP functionality. A patch bypass that exposed critical business data.
Npm's team-based permissions are more expressive than most organizations use. A walkthrough of the access model and the configurations that actually reduce blast radius.
From the MOVEit mass exploitation to AI model risks, 2023 proved that supply chain attacks are accelerating in both sophistication and scale. Here's what we learned.
A practical template for creating a vulnerability disclosure policy, with guidance on safe harbor provisions, response timelines, and researcher relationships.
In December 2023, VF Corporation, parent company of Vans, The North Face, and Timberland, suffered a ransomware attack that disrupted order fulfillment and exposed personal data of 35.5 million customers during the critical holiday shopping season.
In December 2023, Comcast's Xfinity division disclosed that attackers exploiting the Citrix Bleed vulnerability had accessed personal data of 35.9 million customers, including usernames, hashed passwords, and partial Social Security numbers.
Security automation playbooks codify response procedures into executable workflows. A well-designed playbook library turns supply chain incidents from fire drills into routine operations.
How red teams can simulate real-world supply chain attacks to test organizational defenses—from dependency confusion to build pipeline compromise.
The SEC's new cybersecurity disclosure rules require public companies to report material incidents within four days. Here's the operational impact.
Weekly insights on software supply chain security, delivered to your inbox.