Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
The 2021 Colonial Pipeline attack exposed critical infrastructure vulnerabilities when a compromised VPN password led to a $4.4 million ransom and fuel shortages across the Eastern United States.
A single altered line in Codecov's Bash Uploader leaked CI secrets for 69 days across thousands of repos. Here is what actually happened and why.
Software escrow agreements protect your organization when a critical vendor goes dark. Here is how to structure them with security in mind.
The Rust Foundation launched February 8, 2021. Here is what its formation actually changed for the security of Rust and downstream ecosystems.
The SolarWinds SunBurst campaign rewrote the supply chain threat model. Five years of research reveal what changed and what defenders still miss.
Five years after CVE-2014-6271, Shellshock remains the clearest case study in how one interpreter bug becomes thousands of downstream holes.
Five years after CVE-2014-0160, Heartbleed still shapes how we think about shared cryptographic libraries, disclosure ethics, and open-source funding.
Operation ShadowHammer pushed a signed backdoor to roughly half a million ASUS laptops, targeting a list of 600 specific MAC addresses.
XcodeGhost in 2015 infected at least 128 million iOS users through a malicious Xcode download. It is still the cleanest compiler-trust case.
Weekly insights on software supply chain security, delivered to your inbox.