Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Vulnerability scanning catches known CVEs. But open source risk goes deeper — license compliance, maintainer health, dependency freshness, and supply chain attacks.
Why enterprise AI for security requires genuine on-premises deployment, not just a SaaS endpoint with a VPN in front of it.
A grounded look at BFV, CKKS, and TFHE schemes for supply chain workloads, measured costs, library choices, and where HE is not yet practical.
From AI-generated SBOMs to regulatory enforcement and the death of CVSS-only triage, here is what the software security landscape will look like in 2026.
SBOM requirements are now embedded in regulations across the US, EU, Japan, and beyond. A practical tracker of what is required, by whom, and by when.
The confused deputy problem takes on new and subtle forms when AI agents invoke tools on behalf of users. A technical deep dive with concrete mitigations.
The 2025 annual SSCS report lands into a changed landscape. Key findings, trend lines, and what the numbers actually imply for 2026 planning.
From the CVE program funding crisis to the rise of AI-targeted supply chain attacks, 2025 reshaped the software security landscape. A comprehensive look at the year's defining events and trends.
A practical look at how SSDLC practices evolved in 2025, what worked, what failed, and why most organizations are still getting the basics wrong.
Weekly insights on software supply chain security, delivered to your inbox.