Software Composition Analysis: The 2021 Buyer's Guide
SCA tools have exploded in number and capability. Here's how to evaluate them without getting lost in vendor marketing.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
XcodeGhost (2015) trojanized Apple's Xcode IDE: developers who installed a modified copy from third-party download mirrors unknowingly compiled malicious code into their iOS apps. Years later, the attack remains a textbook example of build-tool supply chain compromise.
A social engineering attack on a Robinhood customer support employee exposed personal data of approximately 7 million users, revealing the persistent vulnerability of human-facing systems.
The NTIA published its minimum elements for SBOMs in July 2021. Here's a practical breakdown of what's required, what's optional, and where most organizations fall short.
CVSS scores alone lead to alert fatigue and misallocated resources. Here's how EPSS, reachability analysis, and exploit intelligence create a smarter prioritization model.
Cream Finance suffered its third exploit of 2021, losing roughly $130 million to a flash-loan-driven price-oracle manipulation that exposed fundamental weaknesses in how DeFi lending protocols value collateral.
An npm package with 8 million weekly downloads shipped a cryptominer and credential stealer for four hours. Here is the exact sequence of events.
Sigstore makes software signing accessible by eliminating the pain of long-lived key management. Here's how Cosign (signing and verification), Fulcio (short-lived certificates bound to an OIDC identity), and Rekor (the transparency log) work together to verify software integrity.
REvil was one of the most prolific ransomware-as-a-service operations until a coordinated law enforcement takedown dismantled its infrastructure in October 2021.