Lessons from SolarWinds: Two Years Later
Two years after the SolarWinds breach reshaped cybersecurity, we examine what the industry actually learned and what organizations still get wrong about supply chain security.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Cilium uses eBPF to provide network security that standard Kubernetes NetworkPolicies cannot match. Here is what it adds and how to configure it.
Configure GitHub repository security settings for branch protection, secret scanning, dependency alerts, and code scanning.
A year after Log4Shell shook the internet, many organizations still had vulnerable instances. Here's what the anniversary revealed about our industry.
Your software supply chain has single points of failure that would take down your entire operation. Most organizations have never mapped them.
A heap-based buffer overflow in Fortinet's SSL-VPN was actively exploited before disclosure. State-sponsored actors used it to deploy custom implants on critical infrastructure.
Most dependency audits get done in a panic after a CVE lands. A planned year-end audit is cheaper, more thorough, and produces a backlog you can actually work through in Q1.
You have raised a Series A, hired 20 engineers, and landed your first enterprise customers. Your seed-stage security shortcuts are starting to crack. Here is how to scale security alongside your product.
Rust build scripts run arbitrary code during compilation. Here is what they can access and how to evaluate the risk in your dependency tree.