SBOM Tooling Landscape in 2023: What Actually Works
The SBOM tooling ecosystem has matured significantly, but choosing the right tools still requires understanding the tradeoffs between formats, generators, and analysis platforms.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
How Microsoft rebuilt its security posture after years of high-profile incidents, implementing supply chain controls that now protect one of the world's largest software ecosystems.
Every pip install is a trust decision. The Python Packaging Authority has spent years hardening the ecosystem, but the attack surface remains vast and the threat actors are persistent.
In September 2023, the Scattered Spider hacking group crippled MGM Resorts and extorted Caesars Entertainment through phone-based social engineering, exposing how human vulnerabilities can bypass even the most expensive security stacks.
A hands-on look at how Dependabot security updates behave in 2023: PR grouping, semver strategy, transitive coverage, and alternatives when it misses a fix.
Electron apps ship Chromium, Node.js, and your entire npm tree to a user's desktop, running with the privileges of the logged-in user. The supply chain implications are severe enough that they deserve their own category of threat model.
APIs are both an attack surface and a supply chain dependency. This guide examines API security risks from authentication to third-party integrations.
Canada is integrating software supply chain security into its national cyber strategy. Here's where SBOMs fit in and what's coming next.
Flutter's pub ecosystem is growing fast. The security tooling has not kept pace. Here is what you need to know about securing Dart dependencies.