Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A critical authentication bypass in FortiOS and FortiProxy allowed attackers to gain super-admin privileges via crafted Node.js websocket requests. Here's what happened and how to protect your infrastructure.
A stack-based buffer overflow in Ivanti Connect Secure allowed unauthenticated remote code execution. Chinese threat actors exploited it before any patch existed.
Safeguard 5.0 introduces Griffin AI, expanded SBOM analysis, and a redesigned policy engine. Here is what is new and why it matters for your security program.
COTS software, mega-constellations, and export controls are colliding. The space sector's software supply chain risk is shifting faster than its tooling.
Zoom's security history from 2020 onward reshaped how the industry thinks about conferencing software supply chains, from installers to third-party components.
The end of the year is when security programs are made or broken. Here is how to conduct an effective annual security review and build a plan that will actually be executed.
Moving from one orchestration platform to another surfaces hidden trust relationships. A security-first migration plan for Airflow, Dagster, and Prefect transitions.
Digital health startups collide with HIPAA obligations as soon as they touch clinical data. A regulatory map of the supply chain choke points.
Fulcio issues short-lived certificates for keyless signing. Here is the enterprise view of how those certificates are issued, validated, and woven into long-term trust.
Weekly insights on software supply chain security, delivered to your inbox.