Business Impact Analysis for Software Dependency Failures
Most BIAs ignore software dependencies entirely. Here is how to quantify the real business impact when a critical library or service goes down.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
GraphQL gives clients extraordinary power over queries. That flexibility is also its biggest security risk. Here is how to lock it down without killing usability.
A critical vulnerability in Azure Cosmos DB allowed any Cosmos DB customer to obtain the primary keys of other customers' database instances, granting full read/write/delete access to data from thousands of organizations, including Fortune 500 companies.
Security questionnaires are still how most organizations evaluate vendor risk. They're also still mostly useless. Here's what actually works.
The Pegasus Project revealed NSO Group's spyware targeting journalists, activists, and politicians through zero-click exploits. This is what a weaponized supply chain looks like.
The SLSA framework (started at Google, now maintained under the OpenSSF) provides a graduated model for supply chain integrity, from basic build provenance to signed provenance from a hardened, hosted build platform. Here's how it works and why it matters.
Most teams claim they've adopted DevSecOps. Few have actually matured beyond running a scanner in CI. Here's a practical maturity model to figure out where you really are.
A single poorly written regex can take down your server. Regular expression denial of service (ReDoS) is a subtle vulnerability, caused by catastrophic backtracking on attacker-controlled input, that hides in dependencies you have never audited.
CI/CD pipelines are the new attack surface. From poisoned dependencies to compromised build tools, here's how to lock down your software delivery infrastructure.