Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A running ledger of typosquat incidents on RubyGems.org through 2024, the patterns across them, and what the year's data says about where the registry's defenses still fall short.
Both are CNCF graduated runtimes. Both run production clusters. Their security properties diverge in ways that matter for hardened environments.
Tokio is the async runtime underneath most production Rust. A supply chain review of Tokio and the crates that orbit it — dependencies, CVE history, and what changes across versions.
A technique-by-technique tour of how modern static analyzers cut false positives, from CodeQL's path pruning to Infer's bi-abduction.
CVE-2024-40766 in SonicWall SonicOS became an immediate target for Akira and Fog ransomware groups, highlighting the ongoing risk of VPN appliance vulnerabilities.
Zig offers memory safety features that C lacks but does not go as far as Rust. For security-critical code, understanding where Zig sits on the safety spectrum matters.
Telehealth platforms depend on video SDKs, third-party transcription, and mobile frameworks. A regulatory walkthrough for HIPAA-covered virtual care.
A step-by-step playbook for responding to upstream dependency, build system, and vendor compromises, including roles, timelines, and stakeholder communications.
Gradle version catalogs centralise dependency versions in one file. The security payoff is concrete: auditability, uniform enforcement, and a single PR gate.
Weekly insights on software supply chain security, delivered to your inbox.