Debian Repository Security: A Practical Hardening Guide
Debian APT is powerful but riddled with trust assumptions. Here is how to lock it down for production environments.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Regulatory pressure is forcing Apple to allow sideloading. For enterprise security teams, this changes the iOS threat model fundamentally.
Gatekeeper brings OPA's policy engine to Kubernetes. The learning curve is steep but the flexibility is unmatched. Here is how to write, test, and deploy Rego policies that enforce real security.
A review of Tern, the open source tool that generates SBOMs by inspecting container image layers, including its strengths, limitations, and where it fits in your toolchain.
OMB M-22-18 requires software producers selling to the federal government to self-attest to secure development practices. Here's what's required.
GDPR's security requirements extend deep into software supply chains. Here's where data protection law meets dependency management.
Calculating security ROI is notoriously difficult because you are measuring things that did not happen. Here are methods that produce credible numbers.
Each package manager has its own security model, attack surface, and best practices. This guide compares npm, pip, and Maven from a supply chain security perspective.
Container images are opaque by default. Here's how to crack them open with SBOMs to see exactly what's running in production.