Safeguard
Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

All (2154)AI Security (335)DevSecOps (175)Best Practices (168)Open Source Security (142)Industry Analysis (100)Vulnerability Analysis (98)Incident Analysis (83)Regulatory Compliance (74)Container Security (74)Application Security (73)Compliance (68)Vulnerability Management (59)Software Supply Chain Security (51)Threat Intelligence (41)Supply Chain Attacks (36)Product (35)Cloud Security (35)SBOM (34)SBOM & Compliance (30)Supply Chain Security (25)Ransomware (21)Infrastructure Security (20)Industry Guides (19)Compliance & Regulations (18)Emerging Technology (17)Case Studies (17)Risk Management (16)Tool Reviews (16)Incident Response (15)Security Strategy (13)Dependency Security (11)Web Security (11)Kubernetes Security (9)Company (8)Architecture (8)Industry Trends (7)Secure Development (7)AppSec (7)How-To Guide (7)Zero-Day Exploits (7)Network Security (7)Dependency Management (7)Data Breach (7)Research (6)Tutorials (6)Security Operations (6)Organizational Security (6)Developer Security (6)Open Source (5)Breach Analysis (5)Code Security (5)Product Launch (4)Offensive Security (4)Tool Comparisons (4)Build Security (3)Vulnerability Research (3)Compliance & Frameworks (3)Regional Security (3)Policy & Compliance (3)SBOM Standards (3)Software Supply Chain (3)Analysis (3)Startup Security (3)Mobile Security (3)Hardware Security (3)Security (2)Zero-Day Analysis (2)Industry News (2)Release (2)SBOM and Compliance (2)Security Management (2)Threat Actors (2)API Security (2)Security Architecture (2)Security Culture (2)Social Engineering (2)DeFi Security (2)Cryptocurrency Security (2)Technical (1)Healthcare (1)Events (1)Frameworks (1)Product Update (1)Standards (1)Engineering (1)Language Security (1)Emerging Threats (1)Privacy (1)Lifecycle Management (1)Career Development (1)Tools & Platforms (1)Threat Modeling (1)Browser Security (1)Threat Analysis (1)Business Continuity (1)Runtime Security (1)Governance (1)Healthcare Security (1)Credential Attacks (1)Identity Security (1)PKI Security (1)Architecture Security (1)Nation-State Threats (1)Tools & Techniques (1)Privacy & Security (1)

Articles

RSS feed
Organizational Security

Security Incident Communication Guide

How to communicate during and after a security incident without making things worse. Templates, timelines, and principles for crisis communication.

Aug 25, 20237 min read
Tool Reviews

Socket.dev: Detecting Supply Chain Attacks Before They Hit

A review of Socket.dev's approach to supply chain security, focusing on behavior analysis of npm packages, install script detection, and typosquatting prevention.

Aug 22, 20235 min read
Vulnerability Analysis

WinRAR Zero-Day CVE-2023-38831: Weaponized Archives in the Wild

A WinRAR vulnerability exploited since April 2023 allowed attackers to execute arbitrary code when users opened seemingly harmless files inside ZIP archives.

Aug 20, 20235 min read
Compliance

Japan's Approach to Cybersecurity and Software Supply Chain Security

Japan is rapidly building cybersecurity policy around software supply chain risk. Here's what the regulatory landscape looks like and where it's headed.

Aug 20, 20236 min read
Software Supply Chain Security

pip Install Hooks Security: The Python Packaging Backdoor

Python's setup.py runs arbitrary code during package installation. Despite efforts to move to declarative metadata, the risk persists.

Aug 18, 20234 min read
DevSecOps

DevSecOps Toolchain Integration Patterns That Actually Work

Most DevSecOps tool integrations fail because they are bolted on rather than designed in. Here are integration patterns that provide security value without breaking the developer experience.

Aug 18, 20236 min read
Kubernetes Security

Kubernetes Network Policies Deep Dive: From Zero Trust to Microsegmentation

By default, every pod can talk to every other pod. Network policies change that, but most implementations are incomplete. Here is how to build real microsegmentation in Kubernetes.

Aug 18, 20237 min read
Threat Intelligence

Threat Hunting in the Software Supply Chain

Proactive threat hunting techniques adapted for software supply chain security—because waiting for alerts isn't enough when adversaries hide in your dependencies.

Aug 18, 20236 min read
Best Practices

Security Champions With a Supply Chain Focus

Designing and running a security champions program specifically for supply chain risks, including recruitment, training, cadences, and measurable impact.

Aug 16, 20236 min read
Page 176 of 240

Stay informed

Weekly insights on software supply chain security, delivered to your inbox.

Blog | Safeguard — Software Supply Chain Security Insights