Font File Vulnerability History: When Typography Becomes an Exploit
Font parsing has been a goldmine for attackers. The history of font vulnerabilities reveals deep supply chain risks in every operating system.
After months of processing backlogs and community frustration, NIST announces a new consortium to modernize and sustain the National Vulnerability Database.
Not every vulnerability in your dependencies is exploitable. Safeguard's reachability analysis determines whether vulnerable code paths are actually invoked in your application.
How to scope a bug bounty program that addresses supply chain risks: in-scope assets, payout tiers, triage workflow, and avoiding the trap of dependency CVE bounties.
How age and SOPS together deliver a lightweight, auditable, Git-native secrets workflow that stands up to real production use without a vault server.
Electronic Health Record platforms carry decades of transitive dependencies. A practical governance model for hospitals, vendors, and compliance officers.
Proc macros are Rust code that runs at compile time with the privileges of the developer. They are one of the most underexamined pieces of the Rust supply chain.
A practical hardening guide for Buildkite: agent isolation, pipeline upload security, plugin risks, and the agent-token rotation strategy that keeps the trust model intact.
Differential testing compares the behavior of multiple implementations of the same specification. In supply-chain work, it surfaces bugs that nobody else can see.