Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Dependency hijacking encompasses multiple attack techniques that redirect dependency resolution to attacker-controlled packages. This guide covers all major hijacking vectors and their countermeasures.
Security considerations for Pulumi and Crossplane as infrastructure-as-code alternatives, including unique risks and hardening strategies.
React Native introduces unique security challenges at the intersection of JavaScript and native mobile code. Understanding these risks is essential for securing cross-platform mobile applications.
When a Ruby gem is yanked from RubyGems.org, it creates security risks for projects that depended on it. Understanding the yanking mechanism is critical for Ruby supply chain security.
APIs are now the primary attack surface for most applications. Here is how to test for the OWASP API Security Top 10 risks systematically.
How Cloudflare secures the software supply chain for infrastructure that sits between the internet and millions of websites, with lessons on Rust adoption and edge computing security.
An overview of Wiz's cloud security platform, covering its agentless architecture, graph-based risk analysis, and how it changed expectations for cloud security tooling.
In November 2023, mortgage giant Mr. Cooper disclosed a cyberattack that compromised the personal and financial data of 14.7 million current and former customers, making it one of the largest financial services breaches of the year.
CISA's Secure by Design guidance pushes software vendors to ship secure defaults and take ownership of customer security outcomes, fundamentally changing the security responsibility model.
Weekly insights on software supply chain security, delivered to your inbox.