Autonomous Security Remediation: The Promise and Peril of Self-Healing Software
Automated vulnerability patching sounds ideal until you consider what happens when the automation gets it wrong. Here's a realistic look at autonomous remediation.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Artifactory is the most common artifact repository in enterprise. It is also a default-permissive system where misconfigurations compound. A concrete hardening guide.
API gateways sit between the internet and your services. Getting the security patterns right here multiplies your defense across every API behind them.
Puppet modules from the Forge run with root-level access on your servers. The supply chain security of these modules deserves the same scrutiny as any dependency.
Your container runtime determines the strength of your isolation boundary. Here is an honest comparison of runc, gVisor, Kata Containers, and Firecracker from a security perspective.
Schools and universities rely on hundreds of software applications with limited security staff. Here's how education institutions can manage software supply chain risk.
Two years after Log4Shell shook the internet, many organizations still have vulnerable Log4j instances. The vulnerability changed how we think about supply chain security—but did it change how we act?
Every package ecosystem handles install-time code execution differently. Some are permissive, some restrictive, and the differences matter for supply chain security.
In December 2023, Norton Healthcare disclosed that a May ransomware attack by the ALPHV/BlackCat group had compromised personal and medical data of 2.5 million patients, revealing the devastating impact of ransomware on healthcare.