Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A breach at Shield Health Group, a Massachusetts medical imaging provider, exposed personal and medical data of approximately 2 million patients — highlighting the healthcare sector's persistent vulnerability.
Access control moved to the top of the OWASP Top 10 in 2021. Here is why it is so hard to get right and what a solid authorization architecture looks like.
Attackers used credential stuffing to compromise GM customer accounts, stealing reward points and personal data — a reminder that password reuse remains one of the most exploitable habits in cybersecurity.
JBoss application servers have been a recurring target for attackers. From deserialization flaws to exposed management interfaces, the middleware layer remains a critical attack surface.
The way open source projects get funded directly shapes their security outcomes. From corporate sponsorship to bounty programs, each model creates different incentives and blind spots.
The ctx package on PyPI was hijacked to steal environment variables from developer machines. The attack exploited an expired domain to take over a maintainer account — a novel and repeatable technique.
Every application that processes images depends on parsing libraries with a long history of memory corruption bugs. Here is what is at stake.
Practical secure coding habits every developer should build, covering input validation, authentication, dependency management, and more.
Pinning dependencies feels like a complete answer to supply chain risk. It is not — and the gap between pinning and real integrity matters more in 2022 than ever.
Weekly insights on software supply chain security, delivered to your inbox.