Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
As organizations download pre-trained models from Hugging Face and other model hubs, the AI supply chain introduces risks that traditional software security tools don't address.
Decomposing a monolith into microservices changes the attack surface fundamentally. The security model that worked for the monolith will not work for the distributed system.
Legacy systems are supply chain time bombs—running outdated dependencies, unsupported frameworks, and unmaintained libraries. Here's how to manage the risk.
Express remains the default Node.js framework at most shops, and its middleware ecosystem is a thirteen-year accumulation of packages, some abandoned, some indispensable. This is a pragmatic audit of what belongs in a 2023 Express stack.
Medical devices and healthcare IT systems depend on software with hidden vulnerabilities. Here's how SBOMs and supply chain security intersect with HIPAA.
MongoDB disclosed unauthorized access to its corporate systems in December 2023, exposing customer metadata and contact information while Atlas cluster data remained secure.
Manual key rotation does not happen. Automated rotation does. Here is how to implement zero-downtime API key rotation for the services and credentials that matter most.
A review of SonarQube's security scanning capabilities, examining how its code quality heritage shapes its approach to vulnerability detection and taint analysis.
Apache httpd still serves millions of websites. Its default configuration exposes information, accepts weak TLS, and enables features you probably do not need.
Weekly insights on software supply chain security, delivered to your inbox.