Safeguard
Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

All (2154)AI Security (335)DevSecOps (175)Best Practices (168)Open Source Security (142)Industry Analysis (100)Vulnerability Analysis (98)Incident Analysis (83)Regulatory Compliance (74)Container Security (74)Application Security (73)Compliance (68)Vulnerability Management (59)Software Supply Chain Security (51)Threat Intelligence (41)Supply Chain Attacks (36)Product (35)Cloud Security (35)SBOM (34)SBOM & Compliance (30)Supply Chain Security (25)Ransomware (21)Infrastructure Security (20)Industry Guides (19)Compliance & Regulations (18)Emerging Technology (17)Case Studies (17)Risk Management (16)Tool Reviews (16)Incident Response (15)Security Strategy (13)Dependency Security (11)Web Security (11)Kubernetes Security (9)Company (8)Architecture (8)Industry Trends (7)Secure Development (7)AppSec (7)How-To Guide (7)Zero-Day Exploits (7)Network Security (7)Dependency Management (7)Data Breach (7)Research (6)Tutorials (6)Security Operations (6)Organizational Security (6)Developer Security (6)Open Source (5)Breach Analysis (5)Code Security (5)Product Launch (4)Offensive Security (4)Tool Comparisons (4)Build Security (3)Vulnerability Research (3)Compliance & Frameworks (3)Regional Security (3)Policy & Compliance (3)SBOM Standards (3)Software Supply Chain (3)Analysis (3)Startup Security (3)Mobile Security (3)Hardware Security (3)Security (2)Zero-Day Analysis (2)Industry News (2)Release (2)SBOM and Compliance (2)Security Management (2)Threat Actors (2)API Security (2)Security Architecture (2)Security Culture (2)Social Engineering (2)DeFi Security (2)Cryptocurrency Security (2)Technical (1)Healthcare (1)Events (1)Frameworks (1)Product Update (1)Standards (1)Engineering (1)Language Security (1)Emerging Threats (1)Privacy (1)Lifecycle Management (1)Career Development (1)Tools & Platforms (1)Threat Modeling (1)Browser Security (1)Threat Analysis (1)Business Continuity (1)Runtime Security (1)Governance (1)Healthcare Security (1)Credential Attacks (1)Identity Security (1)PKI Security (1)Architecture Security (1)Nation-State Threats (1)Tools & Techniques (1)Privacy & Security (1)

Articles

RSS feed
Vulnerability Analysis

Microsoft Teams Vulnerability: External Tenant Attacks and the Collaboration Security Gap

Researchers demonstrated that Microsoft Teams' default configuration allowed external attackers to deliver malware directly to employees, bypassing email security controls entirely.

Jun 22, 20236 min read
DevSecOps

SpotBugs Security Detectors for Java: A Practical Guide

SpotBugs with Find Security Bugs is the most effective free security analysis tool for Java. Here is how to get real results from it.

Jun 22, 20234 min read
SBOM Standards

CycloneDX v1.5: New Features and What They Mean for Your SBOM Program

CycloneDX v1.5 introduced formulation, machine learning BOMs, and expanded evidence. Here is what changed and how to take advantage of it.

Jun 20, 20236 min read
Emerging Technology

Quantum Computing and the Coming Cryptography Crisis in Supply Chains

Quantum computers threaten the cryptographic foundations of software supply chains. The time to prepare is now, not when quantum advantage arrives.

Jun 20, 20235 min read
Vulnerability Analysis

Progress MOVEit: Second Critical Vulnerability Discovered Amid Breach Fallout

While organizations were still reeling from the first MOVEit zero-day, a second critical vulnerability was found — raising questions about the product's security.

Jun 20, 20236 min read
Best Practices

Flask Application Security: A Deep Dive

Flask gives you room to make mistakes. This is a long look at the patterns that keep Flask apps safe in 2023, covering sessions, extensions, Werkzeug, and Jinja.

Jun 18, 20237 min read
Code Security

Server-Side Request Forgery (SSRF): The Vulnerability That Unlocks Cloud Metadata

SSRF lets attackers reach internal services through your application. In cloud environments, that often means access to instance metadata and IAM credentials.

Jun 18, 20236 min read
Vulnerability Analysis

Barracuda ESG Zero-Day CVE-2023-2868: When Patching Isn't Enough

Barracuda told customers to physically replace compromised Email Security Gateway appliances. The vulnerability had been exploited since October 2022.

Jun 15, 20236 min read
Security Strategy

Security Maturity Benchmarking: How to Measure Against Your Peers

Security maturity models provide structure, but benchmarking against peers provides context. Here is how to build a meaningful security maturity benchmark without falling into common traps.

Jun 15, 20236 min read
Page 184 of 240

Stay informed

Weekly insights on software supply chain security, delivered to your inbox.

Blog | Safeguard — Software Supply Chain Security Insights