Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Apple's 2021 announcement of on-device CSAM scanning ignited a fierce debate about surveillance, encryption, and the boundaries of technology companies' responsibility — leading Apple to ultimately abandon the plan.
Travis CI exposed secrets from public repo forks for weeks in 2021. Here is the exact defect, who was affected, and the permanent takeaways.
The maintainer of colors and faker deliberately corrupted his own packages, affecting thousands of projects. It raised uncomfortable questions about open source sustainability and trust.
Most BIAs ignore software dependencies entirely. Here is how to quantify the real business impact when a critical library or service goes down.
GraphQL gives clients extraordinary power over queries. That flexibility is also its biggest security risk. Here is how to lock it down without killing usability.
A critical vulnerability in Azure Cosmos DB allowed any user to gain full admin access to other customers' database instances, exposing data from thousands of organizations including Fortune 500 companies.
Security questionnaires are still how most organizations evaluate vendor risk. They're also still mostly useless. Here's what actually works.
The Pegasus Project revealed NSO Group's spyware targeting journalists, activists, and politicians through zero-click exploits. This is what a weaponized supply chain looks like.
Google's SLSA framework provides a graduated model for supply chain integrity, from basic provenance to fully verified builds. Here's how it works and why it matters.
Weekly insights on software supply chain security, delivered to your inbox.