Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Scanners generate findings. Programs produce outcomes. After a decade of dashboards and CVE counts, it is time to admit the gap between the two is the actual security problem.
CodeBuild and CodePipeline still carry the biggest AWS supply chain blast radius per dollar. Here is how to harden them in 2026 without rewriting to a different CI.
A working production setup for Cosign image signing across CI, registries, and Kubernetes admission, including the parts that break at scale and how to recover.
A practical look at npm provenance in 2026: what statements prove, how to publish them from CI, and where they quietly fail when teams treat them as magic.
The Safeguard Research team analyzed first-quarter 2026 malicious package telemetry across npm, PyPI, RubyGems, and crates.io. Here is what the data shows.
A deeper look at the commercial and technical thesis behind Safeguard's exploratory partnership discussions with Tech-D Cybersecurity Ltd.
Griffin AI reports 98-100% hold rate against adversarial probes. Most Mythos-class tools have never published an adversarial number at all.
An engineer's assessment of what the CISA Secure by Design Pledge actually changed inside product teams, what it did not, and where the 2026 expectations are landing.
CVE-2024-40711 is a critical unauth RCE in Veeam Backup & Replication. Deserialization flaw, exploit chain, and ransomware operator abuse.
Weekly insights on software supply chain security, delivered to your inbox.