NIST SSDF Framework: A Practical Guide
The Secure Software Development Framework (SSDF) is becoming the baseline for federal software security. Here's what it contains and how to implement it.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Chinese APT groups exploited CVE-2021-22893 in Pulse Secure VPN to breach defense contractors and government agencies. The irony of a security product being the entry point.
Alex Birsan's research showed how internal package names can be exploited to inject malicious code into corporate build systems. Here's how the attack works and how to defend against it.
REvil ransomware shut down the world's largest meat processor, disrupting supply chains across the US, Australia, and Canada, and ended with an $11 million ransom payment.
Executive Order 14028 mandates SBOMs for federal software procurement. Here's a practical breakdown of what's required, what formats to use, and how to get compliant.
The Accellion FTA breach hit over 100 organizations through a 20-year-old file transfer appliance. Here's what went wrong and why legacy software is a ticking time bomb.
Attackers modified Codecov's bash uploader script to steal environment variables from CI pipelines. Thousands of repositories were exposed for two months.
The SolarWinds attack compromised 18,000 organizations through a single tampered update. Six months later, here's what the industry should have learned.
President Biden's Executive Order 14028 redefined how the federal government approaches cybersecurity. Here's what every software vendor needs to know.