Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
CCPA and CPRA are mostly about data rights, but the reasonable-security provisions and service-provider obligations reach deep into software supply chain practice. Here's how the two connect.
Labyrinth Chollima's operations show a specific pattern — poisoned open source packages as initial access. A profile of the tradecraft and the defensive response.
Modernize the supply chain around COBOL systems without rewriting them. Build provenance, SBOMs, and policy gates for mainframe code that is not going anywhere.
A hands-on security review of Please, the open-source Bazel-inspired build system, including sandbox behavior, BUILD rules, and supply chain trade-offs.
The SLSA specification sets explicit requirements for builders at each level. Here is what those requirements actually mean when you operate a builder in production.
You cannot patch everything immediately. Here is a risk-based framework for deciding which patches to apply first when your vulnerability backlog exceeds your capacity.
The UK NCSC expanded its supply chain guidance in 2023-2024, aligning with the Cyber Security and Resilience Bill and pushing SBOMs, vendor assurance, and provenance controls.
Bicep and ARM templates produce the same deployments, but their security properties diverge — in module provenance, what-if analysis, registry trust, and review experience.
Where Conjur fits in 2024 for enterprise secrets management, what it does well, where it hurts, and how to roll it out without drowning the platform team.
Weekly insights on software supply chain security, delivered to your inbox.