Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Maven Central is the backbone of the Java ecosystem, serving billions of artifact downloads annually. Its unique trust model and dependency resolution create supply chain risks that Java teams must understand.
Container image signing has gone through multiple iterations. Here is where the OCI standards stand now and what you need to implement.
SAML is the authentication backbone for enterprise SSO. Its XML-based attack surface makes it a high-value target for supply chain compromise.
CVE-2022-30525 gave attackers unauthenticated OS command injection on Zyxel firewalls. The irony of a firewall being the weakest point in your network security.
Containers are not VMs. When an attacker escapes a container, they own the host — and potentially every other container running on it. Here are the escape techniques you need to defend against.
CycloneDX is more than a component list. This deep dive covers services, vulnerabilities, compositions, and the parts of the spec most teams overlook.
CISA's evolving SBOM requirements are reshaping how government agencies procure and manage software. Here's what the guidance says and how to operationalize it.
A single bad regex can bring down your entire application. ReDoS attacks exploit catastrophic backtracking to consume unbounded CPU time.
Understanding the security risks of feature flag systems and how to prevent unauthorized flag manipulation, data exposure, and configuration drift.
Weekly insights on software supply chain security, delivered to your inbox.