Software Supply Chain Security in 2024: A Year in Review
From the CrowdStrike outage to state-sponsored npm campaigns and regulatory milestones, 2024 was the year supply chain security went from niche concern to operational necessity.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Field notes on running Tetragon, Falco, and Cilium eBPF controls in production Kubernetes clusters, with observed overhead, policy traps, and kernel constraints.
When a vendor's incident affects you, the coordination work between their IR team and your ops becomes its own project. How to run it well.
Debian's Reproducible Builds project has been at it for over a decade. Here's what they've learned, what still isn't reproducible, and why it matters.
From AI-generated code risks to regulatory enforcement and package manager security evolution, here are the trends that will define software supply chain security in 2025.
A look back at vulnerability disclosure in 2024: counts, severity distribution, time-to-patch, and the handful of incidents that shifted practice. Numbers, not narrative.
ATT&CK describes how adversaries operate; SSDF describes how to build software that resists them. Here's how to map adversary techniques to secure-development tasks so your threat model drives real engineering change.
How OpenTelemetry turns CI/CD pipelines into a traceable, queryable graph that exposes supply chain risk from source control to production deployment.
A look at how organizations can claim reserved namespace prefixes on RubyGems.org, what the policy currently supports, and where it falls short for real enterprise use cases.