Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A maximum-severity vulnerability in Erlang/OTP's SSH server allowed unauthenticated remote code execution. Any system running Erlang's built-in SSH daemon was at risk, including telecom infrastructure.
Mozilla and Google expanded cargo-vet's shared audit pool to 14,000 crates in Q1 2025. Here's how to adopt it without drowning in imports.
CVE-2025-24054 leaks NTLM hashes through .library-ms files with minimal user interaction. Microsoft patched it in April 2025, but exploitation started almost immediately.
Build a repeatable end-to-end test harness for your signing pipeline that proves artifacts are signed correctly and that verification fails when tampered.
From the EU Cyber Resilience Act to Japan's software security guidelines, governments worldwide are mandating software transparency. A comprehensive overview of the global regulatory landscape.
How to scope a bug bounty program when most of your attack surface lives in third-party dependencies — with guidance on payouts, triage, and upstream coordination.
A critical authentication bypass in CrushFTP allowed unauthenticated access to file transfer servers. Exploitation was observed within days of disclosure, targeting multiple industries.
The Model Context Protocol enables AI agents to interact with external tools and data sources. Securing MCP servers requires authentication, authorization, and input validation patterns specific to the AI agent context.
A stack-based buffer overflow in Ivanti Connect Secure was exploited by Chinese threat actors just months after the previous zero-day in the same product. The vulnerability was initially misclassified as low-risk.
Weekly insights on software supply chain security, delivered to your inbox.