Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.


Articles

Best Practices

Shifting Left Without Slowing Down

How to integrate security earlier in the development lifecycle without turning your CI pipeline into a bottleneck that developers hate.

Jun 15, 2022 · 6 min read

Application Security

The OWASP Top 10 (2021) Through a Supply Chain Security Lens

The 2021 OWASP Top 10 added supply chain risks for the first time. Here is what each category means when your code is mostly someone else's code.

Jun 15, 2022 · 8 min read

Incident Analysis

The Log4Shell Response Playbook Six Months In

Six months after CVE-2021-44228 broke the internet, here is what worked, what didn't, and the response patterns security teams should keep as muscle memory.

Jun 12, 2022 · 6 min read

Supply Chain Security

Linux Distribution Package Signing: How It Actually Works

Package signing is the backbone of Linux software distribution security. Most teams trust it blindly without understanding the verification chain they depend on.

Jun 12, 2022 · 7 min read

Mobile Security

Mobile App Store Security Bypass: How Malicious Apps Evade Review

App store review processes catch most malware. But the bypass techniques that work reveal systematic gaps in mobile supply chain security.

Jun 12, 2022 · 5 min read

Application Security

Electron App Supply Chain Security: Desktop Apps Built on Web Dependencies

Electron apps ship a full Chromium browser and Node.js runtime to the desktop. That means every web supply chain risk becomes a desktop attack surface — with elevated privileges.

Jun 12, 2022 · 5 min read

Vulnerability Analysis

Follina (CVE-2022-30190): The Microsoft Zero-Day That Bypassed Macro Protections

A Word document, no macros enabled, and full remote code execution. Follina exploited the Microsoft Support Diagnostic Tool via ms-msdt protocol handlers, rendering years of macro-blocking defenses irrelevant.

Jun 10, 2022 · 7 min read

Container Security

Container Runtime Security Monitoring: Catching What Scanners Miss

Image scanning finds known vulnerabilities before deployment. Runtime monitoring catches actual exploitation, zero-days, and behavioral anomalies after deployment. You need both.

Jun 8, 2022 · 5 min read

Cloud Security

AWS Supply Chain Security Best Practices You Should Adopt Today

A practical guide to securing your software supply chain on AWS, from ECR image provenance to CodePipeline hardening.

Jun 8, 2022 · 7 min read