Rust Embedded Supply Chain Guide
Rust is moving into embedded production fast. The supply chain shape for firmware is different from server-side Rust — smaller trees, longer lifetimes, tighter regulations.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Sentinel has everything it needs to detect supply chain attacks in Azure — but only if the analytics rules are tuned to what those attacks actually look like.
BlackTech's firmware implants in Cisco routers turned edge devices into long-dwell footholds. A look at the tradecraft and what defenders missed.
PyPI download numbers are noisy, gameable, and widely misused. A closer look at what they actually measure, how to read them for security purposes, and where they break.
Analysis of 2024 vulnerability exploitation patterns reveals faster weaponization timelines, shifting target profiles, and the growing importance of edge device vulnerabilities.
A playbook for coordinated disclosure of zero-day vulnerabilities, covering timelines, stakeholder management, embargo discipline, and the judgement calls in between.
Codes of conduct are not just social documents. They affect maintainer retention, contributor diversity, and ultimately the security posture of the project.
Engineer laptops are the softest target in most organizations. Here is a senior engineer's look at the real exfiltration paths for developer secrets and how to shut them down.
Despite growing recognition that open source underpins critical infrastructure, security funding remains fragmented and insufficient. A look at the numbers and what needs to change.