Safeguard.sh
Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

All (1954)AI Security (294)DevSecOps (153)Open Source Security (132)Best Practices (126)Vulnerability Analysis (98)Incident Analysis (83)Industry Analysis (80)Application Security (73)Compliance (68)Container Security (64)Software Supply Chain Security (51)Vulnerability Management (47)Regulatory Compliance (42)Threat Intelligence (41)Supply Chain Attacks (36)Product (35)Cloud Security (35)SBOM (34)Supply Chain Security (25)Ransomware (21)Infrastructure Security (20)SBOM & Compliance (19)Industry Guides (19)Compliance & Regulations (18)Emerging Technology (17)Case Studies (17)Risk Management (16)Tool Reviews (16)Incident Response (15)Security Strategy (13)Dependency Security (11)Web Security (11)Kubernetes Security (9)Company (8)Architecture (8)Industry Trends (7)Secure Development (7)AppSec (7)How-To Guide (7)Zero-Day Exploits (7)Network Security (7)Dependency Management (7)Data Breach (7)Research (6)Tutorials (6)Security Operations (6)Organizational Security (6)Developer Security (6)Open Source (5)Breach Analysis (5)Code Security (5)Product Launch (4)Offensive Security (4)Tool Comparisons (4)Build Security (3)Vulnerability Research (3)Compliance & Frameworks (3)Regional Security (3)Policy & Compliance (3)SBOM Standards (3)Software Supply Chain (3)Analysis (3)Startup Security (3)Mobile Security (3)Hardware Security (3)Security (2)Zero-Day Analysis (2)Industry News (2)Release (2)SBOM and Compliance (2)Security Management (2)Threat Actors (2)API Security (2)Security Architecture (2)Security Culture (2)Social Engineering (2)DeFi Security (2)Cryptocurrency Security (2)Technical (1)Healthcare (1)Events (1)Frameworks (1)Product Update (1)Standards (1)Engineering (1)Language Security (1)Emerging Threats (1)Privacy (1)Lifecycle Management (1)Career Development (1)Tools & Platforms (1)Threat Modeling (1)Browser Security (1)Threat Analysis (1)Business Continuity (1)Runtime Security (1)Governance (1)Healthcare Security (1)Credential Attacks (1)Identity Security (1)PKI Security (1)Architecture Security (1)Nation-State Threats (1)Tools & Techniques (1)Privacy & Security (1)

Articles

RSS feed
AI Security

Task-Routed LLM Architectures For Security

One model for every task wastes budget on trivial work. Task-routed architectures match model capability to task requirements — the right lever for security at scale.

Feb 25, 20262 min read
AI Security

Windsurf vs Sourcegraph Cody: Security Comparison

A side-by-side security comparison of Windsurf and Sourcegraph Cody: data handling, agent scope, deployment models, and enterprise controls.

Feb 25, 20265 min read
Incident Analysis

Microsoft Midnight Blizzard Source Code Theft 2024

Midnight Blizzard moved from email exfiltration to Microsoft source code repositories. The pivot from stolen OAuth tokens to code access is the supply chain lesson.

Feb 25, 20268 min read
SBOM

SBOMs for Firmware and IoT Devices: The Hard Problem

Generating accurate SBOMs for firmware and IoT devices remains one of the toughest challenges in supply chain security. Here's the current state of the art.

Feb 25, 20266 min read
Threat Intelligence

Cozy Bear / Midnight Blizzard Supply Chain Tactics

Midnight Blizzard (APT29, Cozy Bear) has refined long-dwell supply chain access into an operational art. Here is what their 2023-2025 pattern looks like to defenders.

Feb 25, 20266 min read
Compliance

DORA for Financial Services Software Supply Chain

How EU DORA is reshaping software supply chain expectations for financial services in 2026, with practical guidance on ICT third-party risk, SBOMs, and incident reporting.

Feb 25, 20266 min read
Vulnerability Analysis

CVE-2024-45519 Zimbra Unauth RCE Breakdown

A technical breakdown of CVE-2024-45519, the unauthenticated RCE in Zimbra's postjournal service, how it was exploited in the wild, and what defenders should take away.

Feb 25, 20267 min read
AI Security

Retrieval Context Poisoning At Scale

Retrieval context poisoning scales differently than direct prompt injection. The attacker's leverage grows with the RAG ingest surface.

Feb 24, 20262 min read
AI Security

Griffin AI vs Gemini Multimodal: Security

Gemini's multimodal capabilities are genuinely useful for some security workflows. For most security workflows, the modality is code and text, not images.

Feb 24, 20262 min read
Page 28 of 218

Stay informed

Weekly insights on software supply chain security, delivered to your inbox.

Blog | Safeguard.sh — Software Supply Chain Security Insights