Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Attackers bypassed Crypto.com's two-factor authentication system to drain approximately $34 million from 483 user accounts, raising serious questions about the security of centralized crypto exchanges.
TypeScript's strict mode catches entire categories of bugs at compile time. Some of those bugs have direct security implications.
Marak Squires deliberately broke two of npm's most popular packages to protest the exploitation of open source maintainers. The fallout exposed how fragile our dependency chains really are.
The node-ipc package was deliberately sabotaged by its maintainer to protest the Russia-Ukraine conflict, wiping files on systems with Russian or Belarusian IP addresses. A watershed moment for supply chain trust.
2021 was the year software supply chain attacks went mainstream. From SolarWinds aftermath to Log4Shell, here's every major incident and what they tell us about the threat landscape.
Container security matured significantly in 2021, but the vulnerability landscape in base images, registries, and runtime configurations remains concerning.
CISA's KEV catalog changes vulnerability management from theoretical risk to confirmed exploitation. Here's what it means and how to use it for prioritization.
Log4j isn't just in your code — it's in your vendors' code, your container base images, and your transitive dependencies. Here's how to find it everywhere.
You know Log4Shell is bad. Now here's how to find every instance in your environment and fix it — including the edge cases everyone misses.
Weekly insights on software supply chain security, delivered to your inbox.