Safeguard.sh Blog

Safeguard.sh Blog Insights on software supply chain security, SBOM compliance, and DevSecOps https://safeguard.sh/resources/blog en-us Sun, 26 Apr 2026 13:27:58 GMT hi@safeguard.sh (Safeguard Team) hi@safeguard.sh (Safeguard Team) 60 https://safeguard.sh/icons/icon-192.png Safeguard.sh Blog https://safeguard.sh/resources/blog <![CDATA[Building an Eval Suite for Your Security LLM Workflows]]> https://safeguard.sh/resources/blog/building-eval-suite-security-llm-workflows https://safeguard.sh/resources/blog/building-eval-suite-security-llm-workflows Wed, 22 Apr 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Zero-Day Discovery With LLM-Augmented Reachability: A Safeguard Engine Walkthrough]]> https://safeguard.sh/resources/blog/zero-day-discovery-llm-augmented-reachability https://safeguard.sh/resources/blog/zero-day-discovery-llm-augmented-reachability Sun, 19 Apr 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[2026 Q1 CVE Trend Analysis]]> https://safeguard.sh/resources/blog/2026-q1-cve-trend-analysis https://safeguard.sh/resources/blog/2026-q1-cve-trend-analysis Sat, 18 Apr 2026 12:00:00 GMT Vulnerability Management hi@safeguard.sh (Shadab Khan) <![CDATA[What Is a Software Supply Chain Attack? A 2026 Primer]]> https://safeguard.sh/resources/blog/software-supply-chain-attack-primer-2026 https://safeguard.sh/resources/blog/software-supply-chain-attack-primer-2026 Fri, 17 Apr 2026 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Shadab Khan) <![CDATA[Frontier LLM Vendors Are Not Your Supply Chain Security Vendor]]> https://safeguard.sh/resources/blog/frontier-llm-vendors-not-supply-chain-security https://safeguard.sh/resources/blog/frontier-llm-vendors-not-supply-chain-security Thu, 16 Apr 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Total Cost of Ownership: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-total-cost-of-ownership https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-total-cost-of-ownership Thu, 16 Apr 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[SBOM vs. VEX: What's the Difference and When Do You Need Each?]]> https://safeguard.sh/resources/blog/sbom-vs-vex-when-do-you-need-each https://safeguard.sh/resources/blog/sbom-vs-vex-when-do-you-need-each Wed, 15 Apr 2026 10:00:00 GMT SBOM hi@safeguard.sh (Shadab Khan) <![CDATA[How to Read a CycloneDX SBOM: A Line-by-Line Walkthrough]]> https://safeguard.sh/resources/blog/how-to-read-a-cyclonedx-sbom-walkthrough https://safeguard.sh/resources/blog/how-to-read-a-cyclonedx-sbom-walkthrough Mon, 13 Apr 2026 10:00:00 GMT SBOM hi@safeguard.sh (Shadab Khan) <![CDATA[Model Context Protocol Permissions Model Explained]]> https://safeguard.sh/resources/blog/model-context-protocol-permissions-model https://safeguard.sh/resources/blog/model-context-protocol-permissions-model Sun, 12 Apr 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Why LLMs Are Structurally Insecure (and What That Means for Your Pipeline)]]> https://safeguard.sh/resources/blog/why-llms-are-structurally-insecure https://safeguard.sh/resources/blog/why-llms-are-structurally-insecure Sun, 12 Apr 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Qilin Ransomware Supply Chain Tactics 2025]]> https://safeguard.sh/resources/blog/qilin-ransomware-supply-chain-tactics-2025 https://safeguard.sh/resources/blog/qilin-ransomware-supply-chain-tactics-2025 Sat, 11 Apr 2026 09:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[Anthropic's Mythos Vulnerability Scanner: An Honest Assessment of Strengths, Weaknesses, and Reasons to Be Cautious]]> https://safeguard.sh/resources/blog/anthropic-mythos-vulnerability-scanner-honest-review https://safeguard.sh/resources/blog/anthropic-mythos-vulnerability-scanner-honest-review Fri, 10 Apr 2026 18:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[The Limits of Single-Model Vulnerability Scanning: A Technical Analysis of the Mythos Approach]]> https://safeguard.sh/resources/blog/single-model-vulnerability-scanning-limitations-mythos-analysis https://safeguard.sh/resources/blog/single-model-vulnerability-scanning-limitations-mythos-analysis Fri, 10 Apr 2026 15:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[API Surface Reviewed: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-api-surface-review https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-api-surface-review Fri, 10 Apr 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Why LLM-Based Vulnerability Scanning Needs More Than a Single Model]]> https://safeguard.sh/resources/blog/why-llm-vulnerability-scanning-needs-more-than-a-model https://safeguard.sh/resources/blog/why-llm-vulnerability-scanning-needs-more-than-a-model Fri, 10 Apr 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[The EU Cyber Resilience Act Explained for Software Vendors]]> https://safeguard.sh/resources/blog/eu-cyber-resilience-act-explained-for-software-vendors https://safeguard.sh/resources/blog/eu-cyber-resilience-act-explained-for-software-vendors Fri, 10 Apr 2026 10:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Launching Zero-Day Discovery: How Safeguard's Multi-Agent TAOR Deep Think AI Engine Finds Vulnerabilities Before Anyone Else]]> https://safeguard.sh/resources/blog/safeguard-zero-day-discovery-taor-architecture https://safeguard.sh/resources/blog/safeguard-zero-day-discovery-taor-architecture Fri, 10 Apr 2026 09:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[EU AI Act Enforcement Begins: 2026 Reality Check]]> https://safeguard.sh/resources/blog/eu-ai-act-enforcement-begins-2026 https://safeguard.sh/resources/blog/eu-ai-act-enforcement-begins-2026 Fri, 10 Apr 2026 00:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Open Source vs Commercial Security Scanners 2026]]> https://safeguard.sh/resources/blog/open-source-vs-commercial-security-scanners-2026 https://safeguard.sh/resources/blog/open-source-vs-commercial-security-scanners-2026 Thu, 09 Apr 2026 00:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[LLM Traces and Evals: The Missing Layer in AI Supply Chain Security]]> https://safeguard.sh/resources/blog/llm-traces-and-evals-ai-supply-chain-signal https://safeguard.sh/resources/blog/llm-traces-and-evals-ai-supply-chain-signal Wed, 08 Apr 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Reachability Analysis vs. SCA: Which Reduces Your Backlog?]]> https://safeguard.sh/resources/blog/reachability-vs-sca-vulnerability-backlog https://safeguard.sh/resources/blog/reachability-vs-sca-vulnerability-backlog Wed, 08 Apr 2026 10:00:00 GMT Vulnerability Management hi@safeguard.sh (Shadab Khan) <![CDATA[Go Toolchain Supply Chain Risks: 2025 Research]]> https://safeguard.sh/resources/blog/go-toolchain-supply-chain-risks-2025-research https://safeguard.sh/resources/blog/go-toolchain-supply-chain-risks-2025-research Mon, 06 Apr 2026 09:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Shadab Khan) <![CDATA[CISA KEV Catalog Growth Analysis 2025-2026]]> https://safeguard.sh/resources/blog/cisa-kev-catalog-growth-analysis-2025-2026 https://safeguard.sh/resources/blog/cisa-kev-catalog-growth-analysis-2025-2026 Mon, 06 Apr 2026 00:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[CycloneDX 1.7 New Features Reviewed]]> https://safeguard.sh/resources/blog/cyclonedx-1-7-new-features-review https://safeguard.sh/resources/blog/cyclonedx-1-7-new-features-review Sun, 05 Apr 2026 12:00:00 GMT SBOM & Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Why SLSA Level 3 Matters (and Level 4 Usually Doesn't)]]> https://safeguard.sh/resources/blog/why-slsa-level-3-matters-level-4-usually-doesnt https://safeguard.sh/resources/blog/why-slsa-level-3-matters-level-4-usually-doesnt Sun, 05 Apr 2026 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Shadab Khan) <![CDATA[Prompt Injection in RAG: Indirect Attacks]]> https://safeguard.sh/resources/blog/prompt-injection-rag-pipeline-indirect-attacks https://safeguard.sh/resources/blog/prompt-injection-rag-pipeline-indirect-attacks Sun, 05 Apr 2026 09:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Real-World Deployment: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-real-world-deployment https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-real-world-deployment Sat, 04 Apr 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Lazarus Financial Sector Campaigns 2024-2025]]> https://safeguard.sh/resources/blog/lazarus-financial-sector-campaigns-2024-2025 https://safeguard.sh/resources/blog/lazarus-financial-sector-campaigns-2024-2025 Sat, 04 Apr 2026 09:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[Buyer Guide: Software Supply Chain Security 2026]]> https://safeguard.sh/resources/blog/buyer-guide-software-supply-chain-security-2026 https://safeguard.sh/resources/blog/buyer-guide-software-supply-chain-security-2026 Sat, 04 Apr 2026 00:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[MCP Server Telemetry Data Governance]]> https://safeguard.sh/resources/blog/mcp-server-telemetry-data-governance https://safeguard.sh/resources/blog/mcp-server-telemetry-data-governance Thu, 02 Apr 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Provenance, Attestation, and Signing: A Practical Glossary]]> https://safeguard.sh/resources/blog/provenance-attestation-signing-practical-glossary https://safeguard.sh/resources/blog/provenance-attestation-signing-practical-glossary Thu, 02 Apr 2026 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Shadab Khan) <![CDATA[Composer/PHP Supply Chain Threats: 2025 Report]]> https://safeguard.sh/resources/blog/composer-php-supply-chain-threats-2025-report https://safeguard.sh/resources/blog/composer-php-supply-chain-threats-2025-report Thu, 02 Apr 2026 09:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Shadab Khan) <![CDATA[California SB-327 IoT Security Enforcement Update]]> https://safeguard.sh/resources/blog/california-sb-327-iot-security-enforcement-update https://safeguard.sh/resources/blog/california-sb-327-iot-security-enforcement-update Thu, 02 Apr 2026 00:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard Griffin AI: Eval Benchmarks Published]]> https://safeguard.sh/resources/blog/safeguard-griffin-ai-eval-benchmarks-2026 https://safeguard.sh/resources/blog/safeguard-griffin-ai-eval-benchmarks-2026 Wed, 01 Apr 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[OpenAI API Key Leakage on GitHub at Scale]]> https://safeguard.sh/resources/blog/openai-api-key-leakage-on-github-at-scale https://safeguard.sh/resources/blog/openai-api-key-leakage-on-github-at-scale Wed, 01 Apr 2026 09:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Symbol Conflict and Binary Planting Attacks 2025]]> https://safeguard.sh/resources/blog/symbol-conflict-malicious-binary-planting-2025 https://safeguard.sh/resources/blog/symbol-conflict-malicious-binary-planting-2025 Wed, 01 Apr 2026 09:00:00 GMT Emerging Technology hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard Q1 2026 Release Recap]]> https://safeguard.sh/resources/blog/safeguard-changelog-q1-2026-recap https://safeguard.sh/resources/blog/safeguard-changelog-q1-2026-recap Tue, 31 Mar 2026 10:00:00 GMT Product hi@safeguard.sh (Shadab Khan) <![CDATA[White House M-22-18 SBOM Attestation Update]]> https://safeguard.sh/resources/blog/white-house-memo-m-22-18-sbom-attestation-update https://safeguard.sh/resources/blog/white-house-memo-m-22-18-sbom-attestation-update Tue, 31 Mar 2026 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Best Secret Scanning Tools 2026 Comparison]]> https://safeguard.sh/resources/blog/best-secret-scanning-tools-2026-comparison https://safeguard.sh/resources/blog/best-secret-scanning-tools-2026-comparison Tue, 31 Mar 2026 00:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[SLSA v1.1 Framework Update: What's New]]> https://safeguard.sh/resources/blog/slsa-v1-1-framework-update-review https://safeguard.sh/resources/blog/slsa-v1-1-framework-update-review Mon, 30 Mar 2026 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Container Image Supply Chain: From Dockerfile to Production]]> https://safeguard.sh/resources/blog/container-image-supply-chain-dockerfile-to-production https://safeguard.sh/resources/blog/container-image-supply-chain-dockerfile-to-production Mon, 30 Mar 2026 10:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[Chrome Extension Cyberhaven Supply Chain Attack 2024]]> https://safeguard.sh/resources/blog/chrome-extension-cyberhaven-supply-chain-2024 https://safeguard.sh/resources/blog/chrome-extension-cyberhaven-supply-chain-2024 Mon, 30 Mar 2026 09:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Shadab Khan) <![CDATA[Reachability Analysis: Cutting Through CVE Noise to Find What Actually Matters]]> https://safeguard.sh/resources/blog/reachability-analysis-reducing-cve-noise https://safeguard.sh/resources/blog/reachability-analysis-reducing-cve-noise Mon, 30 Mar 2026 09:00:00 GMT Technical hi@safeguard.sh (Nayan Dey) <![CDATA[Top Software Supply Chain Security Predictions 2026]]> https://safeguard.sh/resources/blog/top-software-supply-chain-security-predictions-2026 https://safeguard.sh/resources/blog/top-software-supply-chain-security-predictions-2026 Mon, 30 Mar 2026 00:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Software Supply Chain Side-Channel Attacks 2025]]> https://safeguard.sh/resources/blog/software-supply-chain-side-channel-attacks-2025 https://safeguard.sh/resources/blog/software-supply-chain-side-channel-attacks-2025 Sun, 29 Mar 2026 09:00:00 GMT Emerging Technology hi@safeguard.sh (Shadab Khan) <![CDATA[Scaling Across Repos: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-multi-repo-scale https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-multi-repo-scale Sat, 28 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[MCP Server Lifecycle Management Patterns]]> https://safeguard.sh/resources/blog/mcp-server-lifecycle-management-patterns https://safeguard.sh/resources/blog/mcp-server-lifecycle-management-patterns Sat, 28 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Fine-Tune Backdoor Insertion: Academic Research]]> https://safeguard.sh/resources/blog/fine-tune-backdoor-insertion-academic-research https://safeguard.sh/resources/blog/fine-tune-backdoor-insertion-academic-research Sat, 28 Mar 2026 09:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Flax Typhoon Residential Proxy Supply Chain 2024]]> https://safeguard.sh/resources/blog/flax-typhoon-residential-proxy-supply-chain-2024 https://safeguard.sh/resources/blog/flax-typhoon-residential-proxy-supply-chain-2024 Sat, 28 Mar 2026 09:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[Incident Response for Supply Chain Attacks: A 2026 Playbook]]> https://safeguard.sh/resources/blog/incident-response-supply-chain-playbook-2026 https://safeguard.sh/resources/blog/incident-response-supply-chain-playbook-2026 Sat, 28 Mar 2026 09:00:00 GMT Best Practices hi@safeguard.sh (Yukti Singhal) <![CDATA[How to Detect Dependency Confusion Attacks Before They Ship]]> https://safeguard.sh/resources/blog/detect-dependency-confusion-before-it-ships https://safeguard.sh/resources/blog/detect-dependency-confusion-before-it-ships Fri, 27 Mar 2026 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Shadab Khan) <![CDATA[India DPDP Act Software Security Implications 2026]]> https://safeguard.sh/resources/blog/india-dpdp-act-software-security-implications-2026 https://safeguard.sh/resources/blog/india-dpdp-act-software-security-implications-2026 Thu, 26 Mar 2026 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Reflection-Based Dependency Confusion Techniques]]> https://safeguard.sh/resources/blog/reflection-based-dependency-confusion-techniques https://safeguard.sh/resources/blog/reflection-based-dependency-confusion-techniques Thu, 26 Mar 2026 09:00:00 GMT Emerging Technology hi@safeguard.sh (Shadab Khan) <![CDATA[Okta Cross-Tenant Impersonation 2024]]> https://safeguard.sh/resources/blog/okta-cross-tenant-impersonation-incident-2024 https://safeguard.sh/resources/blog/okta-cross-tenant-impersonation-incident-2024 Thu, 26 Mar 2026 00:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[State of Open Source Funding and Security 2026]]> https://safeguard.sh/resources/blog/state-of-open-source-funding-and-security-2026 https://safeguard.sh/resources/blog/state-of-open-source-funding-and-security-2026 Thu, 26 Mar 2026 00:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[MCP Server Sandbox Escapes: Threat Model]]> https://safeguard.sh/resources/blog/mcp-server-sandbox-escapes-threat-model https://safeguard.sh/resources/blog/mcp-server-sandbox-escapes-threat-model Wed, 25 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Training Data Poisoning: Pipeline Defenses]]> https://safeguard.sh/resources/blog/data-poisoning-training-pipeline-defenses https://safeguard.sh/resources/blog/data-poisoning-training-pipeline-defenses Wed, 25 Mar 2026 09:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Introducing the Safeguard Marketplace: Extend Your Supply Chain Security]]> https://safeguard.sh/resources/blog/safeguard-marketplace-launch https://safeguard.sh/resources/blog/safeguard-marketplace-launch Wed, 25 Mar 2026 09:00:00 GMT Product hi@safeguard.sh (Yukti Singhal) <![CDATA[Tool-Call Hijacking: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-tool-call-hijacking-defences https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-tool-call-hijacking-defences Tue, 24 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Griffin AI vs Sourcegraph Cody for Security Use]]> https://safeguard.sh/resources/blog/griffin-ai-vs-sourcegraph-cody-security-use https://safeguard.sh/resources/blog/griffin-ai-vs-sourcegraph-cody-security-use Tue, 24 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[How to Secure AI Agents on the MCP Protocol]]> https://safeguard.sh/resources/blog/how-to-secure-ai-agents-mcp-protocol-2026 https://safeguard.sh/resources/blog/how-to-secure-ai-agents-mcp-protocol-2026 Tue, 24 Mar 2026 10:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Zero Trust for CI/CD Pipelines: A Concrete Blueprint]]> https://safeguard.sh/resources/blog/zero-trust-cicd-pipelines-blueprint https://safeguard.sh/resources/blog/zero-trust-cicd-pipelines-blueprint Tue, 24 Mar 2026 10:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[UK PSTI Act Consumer IoT: Year-One Review]]> https://safeguard.sh/resources/blog/uk-psti-act-consumer-iot-year-one-review https://safeguard.sh/resources/blog/uk-psti-act-consumer-iot-year-one-review Tue, 24 Mar 2026 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Enterprise AI Center Of Excellence Blueprint]]> https://safeguard.sh/resources/blog/enterprise-ai-center-of-excellence-blueprint https://safeguard.sh/resources/blog/enterprise-ai-center-of-excellence-blueprint Mon, 23 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[ROI Timeline: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-roi-timeline https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-roi-timeline Mon, 23 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs Open Weights: Supply Chain Risks]]> https://safeguard.sh/resources/blog/griffin-ai-vs-open-weight-supply-chain-risks https://safeguard.sh/resources/blog/griffin-ai-vs-open-weight-supply-chain-risks Mon, 23 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[npm Garbage Collection Abuse: Attack Research]]> https://safeguard.sh/resources/blog/npm-garbage-collection-abuse-attack-research https://safeguard.sh/resources/blog/npm-garbage-collection-abuse-attack-research Mon, 23 Mar 2026 09:00:00 GMT Emerging Technology hi@safeguard.sh (Shadab Khan) <![CDATA[AI Scaffold Prompts: Enterprise Governance]]> https://safeguard.sh/resources/blog/ai-scaffold-prompts-enterprise-governance https://safeguard.sh/resources/blog/ai-scaffold-prompts-enterprise-governance Sun, 22 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Regression Gate Design Patterns For Security LLMs]]> https://safeguard.sh/resources/blog/ai-security-regression-gate-design-patterns https://safeguard.sh/resources/blog/ai-security-regression-gate-design-patterns Sun, 22 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs Claude Citations: Advisory Work]]> https://safeguard.sh/resources/blog/griffin-ai-vs-claude-citations-for-advisory-work https://safeguard.sh/resources/blog/griffin-ai-vs-claude-citations-for-advisory-work Sun, 22 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[FDA Premarket Cybersecurity for Medical Devices 2026]]> https://safeguard.sh/resources/blog/fda-premarket-cybersecurity-medical-devices-2026 https://safeguard.sh/resources/blog/fda-premarket-cybersecurity-medical-devices-2026 Sun, 22 Mar 2026 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Introducing Safeguard TPRM: Evidence-Based Third-Party Risk Management]]> https://safeguard.sh/resources/blog/safeguard-tprm-module-release https://safeguard.sh/resources/blog/safeguard-tprm-module-release Sun, 22 Mar 2026 09:00:00 GMT Product hi@safeguard.sh (Michael) <![CDATA[State of DevSecOps 2026: What Teams Actually Ship]]> https://safeguard.sh/resources/blog/state-of-devsecops-2026-what-teams-ship https://safeguard.sh/resources/blog/state-of-devsecops-2026-what-teams-ship Sun, 22 Mar 2026 00:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs OpenAI Pricing: Security Workloads]]> https://safeguard.sh/resources/blog/griffin-ai-vs-openai-pricing-for-security-workloads https://safeguard.sh/resources/blog/griffin-ai-vs-openai-pricing-for-security-workloads Sat, 21 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Small Language Models: Security Use-Case Fit]]> https://safeguard.sh/resources/blog/small-language-model-security-usecase-fit https://safeguard.sh/resources/blog/small-language-model-security-usecase-fit Sat, 21 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Open Source Funding Crisis: What It Means for Your Tree]]> https://safeguard.sh/resources/blog/open-source-funding-crisis-dependency-tree-impact https://safeguard.sh/resources/blog/open-source-funding-crisis-dependency-tree-impact Sat, 21 Mar 2026 10:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Claude MCP Tool Poisoning Threat Model 2026]]> https://safeguard.sh/resources/blog/claude-mcp-tool-poisoning-threat-model-2026 https://safeguard.sh/resources/blog/claude-mcp-tool-poisoning-threat-model-2026 Sat, 21 Mar 2026 09:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Developer Social Engineering Campaigns 2024-2025]]> https://safeguard.sh/resources/blog/dev-0270-developer-social-engineering-campaign https://safeguard.sh/resources/blog/dev-0270-developer-social-engineering-campaign Sat, 21 Mar 2026 09:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[Hugging Face Token Exposure 2024 Analysis]]> https://safeguard.sh/resources/blog/hugging-face-token-exposure-2024-analysis https://safeguard.sh/resources/blog/hugging-face-token-exposure-2024-analysis Sat, 21 Mar 2026 00:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[AWS re:Inforce 2026 Supply Chain Sessions: Field Notes]]> https://safeguard.sh/resources/blog/aws-reinforce-2026-supply-chain-sessions https://safeguard.sh/resources/blog/aws-reinforce-2026-supply-chain-sessions Fri, 20 Mar 2026 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Fine-Tune Drift Measured On Eval Sets]]> https://safeguard.sh/resources/blog/frontier-model-limit-fine-tune-drift-on-evals https://safeguard.sh/resources/blog/frontier-model-limit-fine-tune-drift-on-evals Fri, 20 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs Gemini On-Device: Developer Tools]]> https://safeguard.sh/resources/blog/griffin-ai-vs-gemini-on-device-for-developer-tools https://safeguard.sh/resources/blog/griffin-ai-vs-gemini-on-device-for-developer-tools Fri, 20 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Grounded Reasoning vs Hallucinated: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-reasoning-grounded-vs-hallucinated https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-reasoning-grounded-vs-hallucinated Fri, 20 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[DevSecOps and Platform Engineering: The Convergence No One Expected]]> https://safeguard.sh/resources/blog/devsecops-platform-engineering-convergence https://safeguard.sh/resources/blog/devsecops-platform-engineering-convergence Fri, 20 Mar 2026 10:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[How to Implement SLSA Level 3 Practically]]> https://safeguard.sh/resources/blog/how-to-implement-slsa-level-3-practical-guide https://safeguard.sh/resources/blog/how-to-implement-slsa-level-3-practical-guide Fri, 20 Mar 2026 10:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[DNS Cache Poisoning for Software Updates: 2025]]> https://safeguard.sh/resources/blog/loophole-dns-cache-poisoning-software-updates-2025 https://safeguard.sh/resources/blog/loophole-dns-cache-poisoning-software-updates-2025 Fri, 20 Mar 2026 09:00:00 GMT Emerging Technology hi@safeguard.sh (Shadab Khan) <![CDATA[Guardrail Consolidation: Market Dynamics 2026]]> https://safeguard.sh/resources/blog/ai-security-trend-guardrail-consolidation-market https://safeguard.sh/resources/blog/ai-security-trend-guardrail-consolidation-market Thu, 19 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Breaking Change Awareness: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-breaking-change-awareness https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-breaking-change-awareness Thu, 19 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Best Container Image Scanners 2026]]> https://safeguard.sh/resources/blog/best-container-image-scanners-2026 https://safeguard.sh/resources/blog/best-container-image-scanners-2026 Thu, 19 Mar 2026 10:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[PyPI Trusted Publishing Token Leaks in 2025]]> https://safeguard.sh/resources/blog/pypi-trusted-publishing-token-leak-campaign-2025 https://safeguard.sh/resources/blog/pypi-trusted-publishing-token-leak-campaign-2025 Thu, 19 Mar 2026 10:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[EU AI Act: Software Supply Chain Implications 2026]]> https://safeguard.sh/resources/blog/eu-ai-act-software-supply-chain-implications-2026 https://safeguard.sh/resources/blog/eu-ai-act-software-supply-chain-implications-2026 Thu, 19 Mar 2026 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Audit Trail Quality: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-audit-trail-quality https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-audit-trail-quality Wed, 18 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Sanitizer Detection: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-sanitizer-detection https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-sanitizer-detection Wed, 18 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[GenAI Code Assistants and Package Hallucination: 2026 Update]]> https://safeguard.sh/resources/blog/genai-package-hallucination-2026-update https://safeguard.sh/resources/blog/genai-package-hallucination-2026-update Wed, 18 Mar 2026 10:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[AI Bill of Materials (ML-BOM) Standards in 2026]]> https://safeguard.sh/resources/blog/ai-bill-of-materials-ml-bom-standards-2026 https://safeguard.sh/resources/blog/ai-bill-of-materials-ml-bom-standards-2026 Wed, 18 Mar 2026 09:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Continuous Compliance Monitoring: A Practical Guide for Security Teams]]> https://safeguard.sh/resources/blog/continuous-compliance-monitoring-guide https://safeguard.sh/resources/blog/continuous-compliance-monitoring-guide Wed, 18 Mar 2026 09:00:00 GMT Best Practices hi@safeguard.sh (Alex) <![CDATA[DORA Third-Party ICT Risk for Financial Services 2026]]> https://safeguard.sh/resources/blog/dora-financial-services-third-party-ict-risk-2026 https://safeguard.sh/resources/blog/dora-financial-services-third-party-ict-risk-2026 Wed, 18 Mar 2026 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[State of CVE Disclosure and KEV in 2026]]> https://safeguard.sh/resources/blog/state-of-cve-disclosure-and-kev-2026 https://safeguard.sh/resources/blog/state-of-cve-disclosure-and-kev-2026 Wed, 18 Mar 2026 00:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Cross-Vendor SBOM Normalization: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-cross-vendor-sbom-normalization https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-cross-vendor-sbom-normalization Tue, 17 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[How to Scan Docker Images for Vulnerabilities]]> https://safeguard.sh/resources/blog/how-to-scan-docker-images-vulnerabilities-guide https://safeguard.sh/resources/blog/how-to-scan-docker-images-vulnerabilities-guide Tue, 17 Mar 2026 10:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[GitHub Actions Cache Poisoning Attack Class 2025]]> https://safeguard.sh/resources/blog/github-actions-cache-poisoning-attack-class-2025 https://safeguard.sh/resources/blog/github-actions-cache-poisoning-attack-class-2025 Tue, 17 Mar 2026 09:00:00 GMT Emerging Technology hi@safeguard.sh (Shadab Khan) <![CDATA[NIST SP 800-161 Rev. 2 Third-Party Risk 2026]]> https://safeguard.sh/resources/blog/nist-sp-800-161-revision-2-third-party-2026 https://safeguard.sh/resources/blog/nist-sp-800-161-revision-2-third-party-2026 Tue, 17 Mar 2026 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Docker Hub Exposed Secrets at Scale 2024]]> https://safeguard.sh/resources/blog/docker-hub-exposed-secrets-at-scale-2024 https://safeguard.sh/resources/blog/docker-hub-exposed-secrets-at-scale-2024 Tue, 17 Mar 2026 00:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Benchmark Reproducibility: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-benchmark-reproducibility https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-benchmark-reproducibility Mon, 16 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Prompt Injection Defences: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-prompt-injection-defences https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-prompt-injection-defences Mon, 16 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs Windsurf Cascade for Security Review]]> https://safeguard.sh/resources/blog/griffin-ai-vs-windsurf-cascade-security-review https://safeguard.sh/resources/blog/griffin-ai-vs-windsurf-cascade-security-review Mon, 16 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Supply Chain Security for Aerospace & Defense (DoD) 2026]]> https://safeguard.sh/resources/blog/supply-chain-security-aerospace-defense-dod-2026 https://safeguard.sh/resources/blog/supply-chain-security-aerospace-defense-dod-2026 Mon, 16 Mar 2026 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Enterprise AI Metric Design For Executive Reporting]]> https://safeguard.sh/resources/blog/enterprise-ai-metric-design-for-executive-reporting https://safeguard.sh/resources/blog/enterprise-ai-metric-design-for-executive-reporting Sun, 15 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs Self-Hosted Llama: Real Costs]]> https://safeguard.sh/resources/blog/griffin-ai-vs-llama-vs-self-hosting-costs https://safeguard.sh/resources/blog/griffin-ai-vs-llama-vs-self-hosting-costs Sun, 15 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Pricing Predictability: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-pricing-predictability https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-pricing-predictability Sun, 15 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[MCP Client-Side Security Considerations]]> https://safeguard.sh/resources/blog/mcp-client-side-security-considerations https://safeguard.sh/resources/blog/mcp-client-side-security-considerations Sun, 15 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Best SBOM Management Platforms 2026 Review]]> https://safeguard.sh/resources/blog/best-sbom-management-platforms-2026-review https://safeguard.sh/resources/blog/best-sbom-management-platforms-2026-review Sun, 15 Mar 2026 10:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[CrowdStrike Falcon Outage: Post-Mortem Lessons]]> https://safeguard.sh/resources/blog/crowdstrike-falcon-outage-post-mortem-lessons https://safeguard.sh/resources/blog/crowdstrike-falcon-outage-post-mortem-lessons Sun, 15 Mar 2026 10:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[FedRAMP 20x and Continuous Compliance for Software Vendors]]> https://safeguard.sh/resources/blog/fedramp-20x-continuous-compliance-software-vendors https://safeguard.sh/resources/blog/fedramp-20x-continuous-compliance-software-vendors Sun, 15 Mar 2026 10:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[SBOMs in Healthcare: Patient Safety Meets Software Transparency]]> https://safeguard.sh/resources/blog/software-bill-of-materials-healthcare https://safeguard.sh/resources/blog/software-bill-of-materials-healthcare Sun, 15 Mar 2026 10:00:00 GMT Healthcare hi@safeguard.sh (Michael) <![CDATA[Confused Deputy Attacks on CI/CD Service Accounts]]> https://safeguard.sh/resources/blog/confused-deputy-attacks-ci-cd-service-accounts https://safeguard.sh/resources/blog/confused-deputy-attacks-ci-cd-service-accounts Sun, 15 Mar 2026 09:00:00 GMT Emerging Technology hi@safeguard.sh (Shadab Khan) <![CDATA[The Complete SBOM Compliance Guide for 2026]]> https://safeguard.sh/resources/blog/sbom-compliance-guide-2026 https://safeguard.sh/resources/blog/sbom-compliance-guide-2026 Sun, 15 Mar 2026 00:00:00 GMT Compliance hi@safeguard.sh (Safeguard Team) <![CDATA[AI Coding Assistant Data Leakage Paths]]> https://safeguard.sh/resources/blog/ai-coding-assistant-data-leakage-paths https://safeguard.sh/resources/blog/ai-coding-assistant-data-leakage-paths Sat, 14 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Real-World Vs Synthetic Eval Gap In Security]]> https://safeguard.sh/resources/blog/ai-security-real-world-vs-synthetic-eval-gap https://safeguard.sh/resources/blog/ai-security-real-world-vs-synthetic-eval-gap Sat, 14 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Griffin AI vs Claude Computer Use: Security]]> https://safeguard.sh/resources/blog/griffin-ai-vs-claude-computer-use-for-security https://safeguard.sh/resources/blog/griffin-ai-vs-claude-computer-use-for-security Sat, 14 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Cryptography Misuse Detection: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-cryptography-misuse-detection https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-cryptography-misuse-detection Sat, 14 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[AI Agent Tool Confused Deputy Problem in 2026]]> https://safeguard.sh/resources/blog/ai-agent-tool-confused-deputy-problem-2026 https://safeguard.sh/resources/blog/ai-agent-tool-confused-deputy-problem-2026 Sat, 14 Mar 2026 09:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[APT29 Cloud Supply Chain Tradecraft 2025]]> https://safeguard.sh/resources/blog/apt29-cloud-supply-chain-tradecraft-update-2025 https://safeguard.sh/resources/blog/apt29-cloud-supply-chain-tradecraft-update-2025 Sat, 14 Mar 2026 09:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[CMMC Level 3 Software Supply Chain Checklist 2026]]> https://safeguard.sh/resources/blog/cmmc-level-3-software-supply-chain-checklist-2026 https://safeguard.sh/resources/blog/cmmc-level-3-software-supply-chain-checklist-2026 Sat, 14 Mar 2026 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[CVE-2024-4367 PDF.js Arbitrary Code Execution]]> https://safeguard.sh/resources/blog/cve-2024-4367-pdfjs-arbitrary-code-execution https://safeguard.sh/resources/blog/cve-2024-4367-pdfjs-arbitrary-code-execution Sat, 14 Mar 2026 00:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[State of Container Security 2026: Survey Summary]]> https://safeguard.sh/resources/blog/state-of-container-security-2026-survey-summary https://safeguard.sh/resources/blog/state-of-container-security-2026-survey-summary Sat, 14 Mar 2026 00:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Ensemble LLMs For High-Precision Security Findings]]> https://safeguard.sh/resources/blog/ensemble-llm-for-high-precision-security-findings https://safeguard.sh/resources/blog/ensemble-llm-for-high-precision-security-findings Fri, 13 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Griffin AI vs GPT-5: Compliance Posture]]> https://safeguard.sh/resources/blog/griffin-ai-vs-gpt-5-compliance-posture https://safeguard.sh/resources/blog/griffin-ai-vs-gpt-5-compliance-posture Fri, 13 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[How to Prevent Dependency Confusion in npm (2026)]]> https://safeguard.sh/resources/blog/how-to-prevent-dependency-confusion-npm-2026 https://safeguard.sh/resources/blog/how-to-prevent-dependency-confusion-npm-2026 Fri, 13 Mar 2026 10:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard Local Runner: Agentic Security on Your Laptop]]> https://safeguard.sh/resources/blog/safeguard-local-runner-release-agentic-security https://safeguard.sh/resources/blog/safeguard-local-runner-release-agentic-security Fri, 13 Mar 2026 09:00:00 GMT Product hi@safeguard.sh (Shadab Khan) <![CDATA[UNC5221 Ivanti Exploitation Campaign Analysis]]> https://safeguard.sh/resources/blog/unc5221-ivanti-exploitation-campaign-analysis https://safeguard.sh/resources/blog/unc5221-ivanti-exploitation-campaign-analysis Fri, 13 Mar 2026 09:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[Hallucinated Security Findings: Measurable Rates]]> https://safeguard.sh/resources/blog/frontier-model-limit-hallucinated-security-findings https://safeguard.sh/resources/blog/frontier-model-limit-hallucinated-security-findings Thu, 12 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Griffin AI vs Gemini for FedRAMP Workflows]]> https://safeguard.sh/resources/blog/griffin-ai-vs-gemini-compliance-fedramp https://safeguard.sh/resources/blog/griffin-ai-vs-gemini-compliance-fedramp Thu, 12 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[False Positive Rates: Griffin AI vs Mythos Benchmarked]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-false-positive-rates https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-false-positive-rates Thu, 12 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Support Model: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-support-model https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-support-model Thu, 12 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Best SCA Tools for Enterprise: 2026 Comparison]]> https://safeguard.sh/resources/blog/best-sca-tools-enterprise-2026-comparison https://safeguard.sh/resources/blog/best-sca-tools-enterprise-2026-comparison Thu, 12 Mar 2026 10:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[CVE Triage Is Broken. Here's a Better Workflow.]]> https://safeguard.sh/resources/blog/cve-triage-is-broken-better-workflow https://safeguard.sh/resources/blog/cve-triage-is-broken-better-workflow Thu, 12 Mar 2026 10:00:00 GMT Vulnerability Management hi@safeguard.sh (Shadab Khan) <![CDATA[tj-actions Compromise: One Year Retrospective]]> https://safeguard.sh/resources/blog/tj-actions-compromise-one-year-retrospective https://safeguard.sh/resources/blog/tj-actions-compromise-one-year-retrospective Thu, 12 Mar 2026 10:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Supply Chain Security for Energy (NERC CIP) 2026]]> https://safeguard.sh/resources/blog/supply-chain-security-energy-nerc-cip-2026 https://safeguard.sh/resources/blog/supply-chain-security-energy-nerc-cip-2026 Thu, 12 Mar 2026 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Automating Third-Party Risk Assessment: Moving Beyond Spreadsheets and Questionnaires]]> https://safeguard.sh/resources/blog/third-party-risk-assessment-automation https://safeguard.sh/resources/blog/third-party-risk-assessment-automation Thu, 12 Mar 2026 09:00:00 GMT Best Practices hi@safeguard.sh (Bob) <![CDATA[CVE-2025-24071 Windows Explorer NTLM Hash Leak]]> https://safeguard.sh/resources/blog/cve-2025-24071-windows-explorer-ntlm-leak https://safeguard.sh/resources/blog/cve-2025-24071-windows-explorer-ntlm-leak Thu, 12 Mar 2026 00:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Fine-Tune Backdoors: The Quiet Threat]]> https://safeguard.sh/resources/blog/ai-security-trend-fine-tune-backdoors https://safeguard.sh/resources/blog/ai-security-trend-fine-tune-backdoors Wed, 11 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Rollback Safety: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-rollback-safety https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-rollback-safety Wed, 11 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Storm-0558 Microsoft Cloud Identity Aftermath]]> https://safeguard.sh/resources/blog/storm-0558-microsoft-cloud-identity-aftermath https://safeguard.sh/resources/blog/storm-0558-microsoft-cloud-identity-aftermath Wed, 11 Mar 2026 09:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[VS Code Marketplace Malware Campaigns in 2025]]> https://safeguard.sh/resources/blog/vscode-extension-marketplace-malware-campaigns-2025 https://safeguard.sh/resources/blog/vscode-extension-marketplace-malware-campaigns-2025 Wed, 11 Mar 2026 09:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Shadab Khan) <![CDATA[CMMC Pass-Through: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-cmmc-pass-through https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-cmmc-pass-through Tue, 10 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Transitive Depth: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-transitive-depth-comparison https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-transitive-depth-comparison Tue, 10 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Executive Order 14028 at Five Years: A Comprehensive Review]]> https://safeguard.sh/resources/blog/eo-14028-five-years-comprehensive-review https://safeguard.sh/resources/blog/eo-14028-five-years-comprehensive-review Tue, 10 Mar 2026 10:00:00 GMT Compliance hi@safeguard.sh (Yukti Singhal) <![CDATA[How to Sign Container Images with Cosign in Production]]> https://safeguard.sh/resources/blog/how-to-sign-container-images-cosign-production https://safeguard.sh/resources/blog/how-to-sign-container-images-cosign-production Tue, 10 Mar 2026 10:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard March 2026 Release Notes]]> https://safeguard.sh/resources/blog/safeguard-changelog-march-2026 https://safeguard.sh/resources/blog/safeguard-changelog-march-2026 Tue, 10 Mar 2026 10:00:00 GMT Product hi@safeguard.sh (Shadab Khan) <![CDATA[FTC and Software Supply Chain Enforcement 2026]]> https://safeguard.sh/resources/blog/ftc-mgm-breach-settlement-software-implications https://safeguard.sh/resources/blog/ftc-mgm-breach-settlement-software-implications Tue, 10 Mar 2026 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[How to Rotate Leaked Secrets With Automation (2026)]]> https://safeguard.sh/resources/blog/how-to-rotate-leaked-secrets-automation-2026 https://safeguard.sh/resources/blog/how-to-rotate-leaked-secrets-automation-2026 Tue, 10 Mar 2026 09:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[CVE-2024-29849 Veeam Auth Bypass Analysis]]> https://safeguard.sh/resources/blog/cve-2024-29849-veeam-auth-bypass-analysis https://safeguard.sh/resources/blog/cve-2024-29849-veeam-auth-bypass-analysis Tue, 10 Mar 2026 00:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[State of AI Security in Enterprise 2026]]> https://safeguard.sh/resources/blog/state-of-ai-security-in-enterprise-2026 https://safeguard.sh/resources/blog/state-of-ai-security-in-enterprise-2026 Tue, 10 Mar 2026 00:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Training Data Provenance: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-training-data-provenance https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-training-data-provenance Mon, 09 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Mitigating npm Install Scripts Without Breaking Your Build]]> https://safeguard.sh/resources/blog/mitigate-npm-install-scripts-without-breaking-builds https://safeguard.sh/resources/blog/mitigate-npm-install-scripts-without-breaking-builds Mon, 09 Mar 2026 10:00:00 GMT Dependency Security hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard vs Wiz: Supply Chain Focus 2026]]> https://safeguard.sh/resources/blog/safeguard-vs-wiz-supply-chain-focus-2026 https://safeguard.sh/resources/blog/safeguard-vs-wiz-supply-chain-focus-2026 Mon, 09 Mar 2026 10:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Software Supply Chain Security for Healthcare (HIPAA) 2026]]> https://safeguard.sh/resources/blog/software-supply-chain-security-healthcare-hipaa-2026 https://safeguard.sh/resources/blog/software-supply-chain-security-healthcare-hipaa-2026 Mon, 09 Mar 2026 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Vendor Offboarding and Supply Chain Data Destruction]]> https://safeguard.sh/resources/blog/vendor-offboarding-supply-chain-data-destruction https://safeguard.sh/resources/blog/vendor-offboarding-supply-chain-data-destruction Mon, 09 Mar 2026 09:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Cost Per Finding: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-cost-per-finding https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-cost-per-finding Sun, 08 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Dependency Confusion: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-dependency-confusion-scenarios https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-dependency-confusion-scenarios Sun, 08 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Griffin AI vs Poolside for Enterprise Security]]> https://safeguard.sh/resources/blog/griffin-ai-vs-poolside-for-enterprise-security https://safeguard.sh/resources/blog/griffin-ai-vs-poolside-for-enterprise-security Sun, 08 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[JSR JavaScript Registry Security Model]]> https://safeguard.sh/resources/blog/jsr-javascript-registry-security-model https://safeguard.sh/resources/blog/jsr-javascript-registry-security-model Sun, 08 Mar 2026 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[MCP Authentication Patterns for Enterprise]]> https://safeguard.sh/resources/blog/mcp-authentication-patterns-enterprise https://safeguard.sh/resources/blog/mcp-authentication-patterns-enterprise Sun, 08 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Snowflake Customer Breaches 2024: Root Cause]]> https://safeguard.sh/resources/blog/snowflake-customer-breaches-2024-root-cause https://safeguard.sh/resources/blog/snowflake-customer-breaches-2024-root-cause Sun, 08 Mar 2026 10:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Software Signing and Code Integrity in 2026: The Practical State of Play]]> https://safeguard.sh/resources/blog/software-signing-code-integrity-2026 https://safeguard.sh/resources/blog/software-signing-code-integrity-2026 Sun, 08 Mar 2026 09:00:00 GMT Industry Trends hi@safeguard.sh (James) <![CDATA[Enterprise AI Red Team Program Design]]> https://safeguard.sh/resources/blog/enterprise-ai-red-team-program-design https://safeguard.sh/resources/blog/enterprise-ai-red-team-program-design Sat, 07 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Elastic Scale Behaviour: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-elastic-scale-behaviour https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-elastic-scale-behaviour Sat, 07 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Griffin AI vs Open Weights: The Eval Gap]]> https://safeguard.sh/resources/blog/griffin-ai-vs-open-weight-eval-gap https://safeguard.sh/resources/blog/griffin-ai-vs-open-weight-eval-gap Sat, 07 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Akira Ransomware VPN Appliance Exploitation]]> https://safeguard.sh/resources/blog/akira-ransomware-vpn-appliance-exploitation https://safeguard.sh/resources/blog/akira-ransomware-vpn-appliance-exploitation Sat, 07 Mar 2026 09:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[OSS Maintainer Account Takeover Trends 2025]]> https://safeguard.sh/resources/blog/open-source-maintainer-account-takeover-trends-2025 https://safeguard.sh/resources/blog/open-source-maintainer-account-takeover-trends-2025 Sat, 07 Mar 2026 09:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Shadab Khan) <![CDATA[CVE-2025-1974 Ingress NGINX Controller RCE]]> https://safeguard.sh/resources/blog/cve-2025-1974-ingress-nginx-controller-rce https://safeguard.sh/resources/blog/cve-2025-1974-ingress-nginx-controller-rce Sat, 07 Mar 2026 00:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[The Reproducibility Crisis In AI Security Evals]]> https://safeguard.sh/resources/blog/ai-security-reproducibility-crisis-mini https://safeguard.sh/resources/blog/ai-security-reproducibility-crisis-mini Fri, 06 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs Claude Prompt Caching: Security]]> https://safeguard.sh/resources/blog/griffin-ai-vs-claude-prompt-caching-for-security https://safeguard.sh/resources/blog/griffin-ai-vs-claude-prompt-caching-for-security Fri, 06 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Auth Bypass Discovery: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-auth-bypass-discovery https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-auth-bypass-discovery Fri, 06 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[How to Generate an SBOM with GitHub Actions (2026)]]> https://safeguard.sh/resources/blog/how-to-generate-sbom-github-actions-2026 https://safeguard.sh/resources/blog/how-to-generate-sbom-github-actions-2026 Fri, 06 Mar 2026 10:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[PyPI 2FA Lessons Two Years In]]> https://safeguard.sh/resources/blog/pypi-2fa-lessons-two-years-in https://safeguard.sh/resources/blog/pypi-2fa-lessons-two-years-in Fri, 06 Mar 2026 10:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[How to Detect Malicious npm Packages: A Workflow]]> https://safeguard.sh/resources/blog/how-to-detect-malicious-npm-packages-workflow https://safeguard.sh/resources/blog/how-to-detect-malicious-npm-packages-workflow Fri, 06 Mar 2026 09:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Procurement Security Questionnaires That Actually Work]]> https://safeguard.sh/resources/blog/procurement-security-questionnaires-that-work https://safeguard.sh/resources/blog/procurement-security-questionnaires-that-work Fri, 06 Mar 2026 09:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard Desktop App 1.0 Release]]> https://safeguard.sh/resources/blog/safeguard-desktop-application-1-0-release https://safeguard.sh/resources/blog/safeguard-desktop-application-1-0-release Fri, 06 Mar 2026 09:00:00 GMT Product hi@safeguard.sh (Shadab Khan) <![CDATA[CVE-2024-32002 Git RCE on Clone: Walkthrough]]> https://safeguard.sh/resources/blog/cve-2024-32002-git-rce-on-clone-walkthrough https://safeguard.sh/resources/blog/cve-2024-32002-git-rce-on-clone-walkthrough Fri, 06 Mar 2026 00:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Software Supply Chain Security Market Map 2026]]> https://safeguard.sh/resources/blog/software-supply-chain-security-market-map-2026 https://safeguard.sh/resources/blog/software-supply-chain-security-market-map-2026 Fri, 06 Mar 2026 00:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Chain-Of-Thought For Vulnerability Reasoning]]> https://safeguard.sh/resources/blog/chain-of-thought-for-vulnerability-reasoning https://safeguard.sh/resources/blog/chain-of-thought-for-vulnerability-reasoning Thu, 05 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Context Window Limits: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-context-window-limits https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-context-window-limits Thu, 05 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Griffin AI vs OpenAI Assistants API for SecOps]]> https://safeguard.sh/resources/blog/griffin-ai-vs-openai-assistants-api-for-secops https://safeguard.sh/resources/blog/griffin-ai-vs-openai-assistants-api-for-secops Thu, 05 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Post-Quantum Signing: An Artifact Migration Plan]]> https://safeguard.sh/resources/blog/post-quantum-signing-artifact-migration-plan https://safeguard.sh/resources/blog/post-quantum-signing-artifact-migration-plan Thu, 05 Mar 2026 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Change Healthcare Ransomware 2024: Deep Dive]]> https://safeguard.sh/resources/blog/change-healthcare-ransomware-2024-deep-dive https://safeguard.sh/resources/blog/change-healthcare-ransomware-2024-deep-dive Thu, 05 Mar 2026 10:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard vs Aqua Security Platform Review]]> https://safeguard.sh/resources/blog/safeguard-vs-aqua-security-platform-review https://safeguard.sh/resources/blog/safeguard-vs-aqua-security-platform-review Thu, 05 Mar 2026 10:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[The Supply Chain Attack Kill Chain: A Framework for Defense]]> https://safeguard.sh/resources/blog/supply-chain-attack-kill-chain-framework https://safeguard.sh/resources/blog/supply-chain-attack-kill-chain-framework Thu, 05 Mar 2026 10:00:00 GMT Threat Intelligence hi@safeguard.sh (Alex) <![CDATA[The Future of Software Signing Is Keyless]]> https://safeguard.sh/resources/blog/the-future-of-software-signing-is-keyless https://safeguard.sh/resources/blog/the-future-of-software-signing-is-keyless Thu, 05 Mar 2026 10:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Composer/PHP Package Supply Chain in 2026]]> https://safeguard.sh/resources/blog/composer-php-package-supply-chain-2026 https://safeguard.sh/resources/blog/composer-php-package-supply-chain-2026 Thu, 05 Mar 2026 09:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Supply Chain Security for Financial Services 2026]]> https://safeguard.sh/resources/blog/supply-chain-security-financial-services-2026 https://safeguard.sh/resources/blog/supply-chain-security-financial-services-2026 Thu, 05 Mar 2026 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[CISA Minimum Elements for SBOM: 2026 Update]]> https://safeguard.sh/resources/blog/minimum-elements-sbom-cisa-2026-update https://safeguard.sh/resources/blog/minimum-elements-sbom-cisa-2026-update Wed, 04 Mar 2026 15:00:00 GMT SBOM hi@safeguard.sh (Shadab Khan) <![CDATA[Model Substitution Risk In Enterprise Deployments]]> https://safeguard.sh/resources/blog/frontier-model-limit-model-substitution-risk https://safeguard.sh/resources/blog/frontier-model-limit-model-substitution-risk Wed, 04 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs Gemini Pricing: Security Scans]]> https://safeguard.sh/resources/blog/griffin-ai-vs-gemini-pricing-for-security-scans https://safeguard.sh/resources/blog/griffin-ai-vs-gemini-pricing-for-security-scans Wed, 04 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Onboarding Velocity: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-onboarding-velocity https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-onboarding-velocity Wed, 04 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[SBOM Generation: Syft, Tern, Trivy Compared (2026)]]> https://safeguard.sh/resources/blog/sbom-generation-tools-syft-tern-comparison-2026 https://safeguard.sh/resources/blog/sbom-generation-tools-syft-tern-comparison-2026 Wed, 04 Mar 2026 12:00:00 GMT SBOM hi@safeguard.sh (Shadab Khan) <![CDATA[SBOM-Driven Due Diligence for M&A]]> https://safeguard.sh/resources/blog/sbom-for-mergers-acquisitions-due-diligence https://safeguard.sh/resources/blog/sbom-for-mergers-acquisitions-due-diligence Wed, 04 Mar 2026 09:00:00 GMT SBOM hi@safeguard.sh (Shadab Khan) <![CDATA[RAG Poisoning In The Wild: Trend Watch]]> https://safeguard.sh/resources/blog/ai-security-trend-rag-poisoning-in-the-wild https://safeguard.sh/resources/blog/ai-security-trend-rag-poisoning-in-the-wild Tue, 03 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Transitive Fix Cascades: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-transitive-fix-cascades https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-transitive-fix-cascades Tue, 03 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[How to Comply With EU CRA: A Practical Checklist]]> https://safeguard.sh/resources/blog/how-to-comply-eu-cyber-resilience-act-checklist https://safeguard.sh/resources/blog/how-to-comply-eu-cyber-resilience-act-checklist Tue, 03 Mar 2026 10:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[The Minimal Base Image Myth: What Actually Reduces Attack Surface]]> https://safeguard.sh/resources/blog/minimal-base-image-myth-attack-surface-reduction https://safeguard.sh/resources/blog/minimal-base-image-myth-attack-surface-reduction Tue, 03 Mar 2026 10:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[npm Protestware Patterns From 2020 to 2026]]> https://safeguard.sh/resources/blog/npm-protestware-patterns-2020-to-2026 https://safeguard.sh/resources/blog/npm-protestware-patterns-2020-to-2026 Tue, 03 Mar 2026 09:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Shadab Khan) <![CDATA[Right-to-Repair and Software Supply Chain Security]]> https://safeguard.sh/resources/blog/right-to-repair-software-supply-chain-security https://safeguard.sh/resources/blog/right-to-repair-software-supply-chain-security Tue, 03 Mar 2026 09:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[EU AI Act Alignment: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-eu-ai-act-alignment https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-eu-ai-act-alignment Mon, 02 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Version-Aware Resolution: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-version-aware-resolution https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-version-aware-resolution Mon, 02 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Nullcon Berlin 2026 Supply Chain Highlights]]> https://safeguard.sh/resources/blog/nullcon-berlin-2026-software-supply-chain-highlights https://safeguard.sh/resources/blog/nullcon-berlin-2026-software-supply-chain-highlights Mon, 02 Mar 2026 10:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard vs GitHub Advanced Security 2026]]> https://safeguard.sh/resources/blog/safeguard-vs-github-advanced-security-2026 https://safeguard.sh/resources/blog/safeguard-vs-github-advanced-security-2026 Mon, 02 Mar 2026 10:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[How to Audit Open Source Licenses for Compliance]]> https://safeguard.sh/resources/blog/how-to-audit-open-source-licenses-compliance-guide https://safeguard.sh/resources/blog/how-to-audit-open-source-licenses-compliance-guide Mon, 02 Mar 2026 09:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard Open Source Manager: A Deep Dive Into Dependency Governance]]> https://safeguard.sh/resources/blog/safeguard-open-source-manager-deep-dive https://safeguard.sh/resources/blog/safeguard-open-source-manager-deep-dive Mon, 02 Mar 2026 09:00:00 GMT Product hi@safeguard.sh (Shadab Khan) <![CDATA[SBOM Requirements for Automotive (ISO 21434) 2026]]> https://safeguard.sh/resources/blog/sbom-requirements-automotive-iso-21434-2026 https://safeguard.sh/resources/blog/sbom-requirements-automotive-iso-21434-2026 Mon, 02 Mar 2026 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Volt Typhoon: Critical Infrastructure Supply Chain]]> https://safeguard.sh/resources/blog/volt-typhoon-critical-infrastructure-supply-chain https://safeguard.sh/resources/blog/volt-typhoon-critical-infrastructure-supply-chain Mon, 02 Mar 2026 09:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[CVE-2024-21413 Outlook Moniker Link Analysis]]> https://safeguard.sh/resources/blog/cve-2024-21413-outlook-moniker-link-analysis https://safeguard.sh/resources/blog/cve-2024-21413-outlook-moniker-link-analysis Mon, 02 Mar 2026 00:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[CVE-2024-55956 Cleo Harmony/VLTrader RCE]]> https://safeguard.sh/resources/blog/cve-2024-55956-cleo-harmony-vltrader-rce https://safeguard.sh/resources/blog/cve-2024-55956-cleo-harmony-vltrader-rce Mon, 02 Mar 2026 00:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[MCP Server Inventory: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-mcp-server-inventory https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-mcp-server-inventory Sun, 01 Mar 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Container Runtime Security in 2026: What's Changed and What Hasn't]]> https://safeguard.sh/resources/blog/container-runtime-security-2026-guide https://safeguard.sh/resources/blog/container-runtime-security-2026-guide Sun, 01 Mar 2026 10:00:00 GMT Cloud Security hi@safeguard.sh (James) <![CDATA[XZ Utils Backdoor: One Year Retrospective]]> https://safeguard.sh/resources/blog/xz-utils-aftermath-one-year-retrospective https://safeguard.sh/resources/blog/xz-utils-aftermath-one-year-retrospective Sun, 01 Mar 2026 10:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Cloudflare Workers: Supply Chain Threat Model]]> https://safeguard.sh/resources/blog/cloudflare-workers-supply-chain-threat-model https://safeguard.sh/resources/blog/cloudflare-workers-supply-chain-threat-model Sun, 01 Mar 2026 09:00:00 GMT Cloud Security hi@safeguard.sh (Shadab Khan) <![CDATA[Container Security: Why Reachability Analysis Changes Everything]]> https://safeguard.sh/resources/blog/container-security-reachability-analysis https://safeguard.sh/resources/blog/container-security-reachability-analysis Sun, 01 Mar 2026 00:00:00 GMT Security hi@safeguard.sh (Safeguard Team) <![CDATA[GenAI Coding Agent Privilege Escalation]]> https://safeguard.sh/resources/blog/genai-coding-agent-privilege-escalation https://safeguard.sh/resources/blog/genai-coding-agent-privilege-escalation Sat, 28 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs GitHub Copilot for Vulnerability Fixing]]> https://safeguard.sh/resources/blog/griffin-ai-vs-github-copilot-for-vulnerability-fixing https://safeguard.sh/resources/blog/griffin-ai-vs-github-copilot-for-vulnerability-fixing Sat, 28 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Continuous Eval & Release Gating: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-continuous-eval-release-gating https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-continuous-eval-release-gating Sat, 28 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Race Condition Detection: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-race-condition-detection https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-race-condition-detection Sat, 28 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Post-Quantum Cryptography Migration for Software Supply Chains]]> https://safeguard.sh/resources/blog/post-quantum-cryptography-migration-supply-chains https://safeguard.sh/resources/blog/post-quantum-cryptography-migration-supply-chains Sat, 28 Feb 2026 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Shadab Khan) <![CDATA[How Safeguard Partners With MSSP Programs]]> https://safeguard.sh/resources/blog/how-safeguard-partners-with-mssp-programs https://safeguard.sh/resources/blog/how-safeguard-partners-with-mssp-programs Sat, 28 Feb 2026 09:00:00 GMT Company hi@safeguard.sh (Shadab Khan) <![CDATA[Cyber Insurance Exclusions for Supply Chain Incidents]]> https://safeguard.sh/resources/blog/insurance-cyber-policy-software-supply-chain-exclusions https://safeguard.sh/resources/blog/insurance-cyber-policy-software-supply-chain-exclusions Sat, 28 Feb 2026 09:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[JSR/Deno Package Ecosystem Supply Chain]]> https://safeguard.sh/resources/blog/jsr-deno-package-ecosystem-supply-chain https://safeguard.sh/resources/blog/jsr-deno-package-ecosystem-supply-chain Sat, 28 Feb 2026 09:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Enterprise AI Data Residency Requirements, 2026]]> https://safeguard.sh/resources/blog/enterprise-ai-data-residency-requirements https://safeguard.sh/resources/blog/enterprise-ai-data-residency-requirements Fri, 27 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[False Positive Cost: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-false-positive-cost https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-false-positive-cost Fri, 27 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Injection Path Detection: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-injection-path-detection https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-injection-path-detection Fri, 27 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Griffin AI vs Open Weights: On-Prem Tradeoffs]]> https://safeguard.sh/resources/blog/griffin-ai-vs-open-weight-on-prem-tradeoffs https://safeguard.sh/resources/blog/griffin-ai-vs-open-weight-on-prem-tradeoffs Fri, 27 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Fine-Tuning Poisoning Detection for Supply Chains]]> https://safeguard.sh/resources/blog/fine-tuning-poisoning-detection-supply-chain https://safeguard.sh/resources/blog/fine-tuning-poisoning-detection-supply-chain Fri, 27 Feb 2026 10:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard vs Snyk: Detailed 2026 Comparison]]> https://safeguard.sh/resources/blog/safeguard-vs-snyk-comparison-2026 https://safeguard.sh/resources/blog/safeguard-vs-snyk-comparison-2026 Fri, 27 Feb 2026 10:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard MCP Server: Public Release Details]]> https://safeguard.sh/resources/blog/safeguard-mcp-server-public-release-2026 https://safeguard.sh/resources/blog/safeguard-mcp-server-public-release-2026 Fri, 27 Feb 2026 09:00:00 GMT Product hi@safeguard.sh (Shadab Khan) <![CDATA[CVE-2024-23897 Jenkins CLI File Read Deep Dive]]> https://safeguard.sh/resources/blog/cve-2024-23897-jenkins-cli-file-read-deep-dive https://safeguard.sh/resources/blog/cve-2024-23897-jenkins-cli-file-read-deep-dive Fri, 27 Feb 2026 00:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[LLM-As-Judge Pitfalls In Security Evals]]> https://safeguard.sh/resources/blog/ai-security-llm-as-judge-pitfalls https://safeguard.sh/resources/blog/ai-security-llm-as-judge-pitfalls Thu, 26 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Griffin AI vs Claude Batch API for Scanning]]> https://safeguard.sh/resources/blog/griffin-ai-vs-claude-batch-api-for-scanning https://safeguard.sh/resources/blog/griffin-ai-vs-claude-batch-api-for-scanning Thu, 26 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Automotive OEM ISO 21434 Compliance]]> https://safeguard.sh/resources/blog/customer-story-automotive-oem-iso-21434-compliance https://safeguard.sh/resources/blog/customer-story-automotive-oem-iso-21434-compliance Thu, 26 Feb 2026 10:00:00 GMT Case Studies hi@safeguard.sh (Shadab Khan) <![CDATA[Why Developer Experience Matters to Security Programs]]> https://safeguard.sh/resources/blog/why-developer-experience-matters-security-programs https://safeguard.sh/resources/blog/why-developer-experience-matters-security-programs Thu, 26 Feb 2026 10:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Dependency Update Triage Strategy for Eng Teams]]> https://safeguard.sh/resources/blog/dependency-update-triage-strategy-engineering-teams https://safeguard.sh/resources/blog/dependency-update-triage-strategy-engineering-teams Thu, 26 Feb 2026 09:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[SBOM Quality Across Ecosystems: 2026 Report]]> https://safeguard.sh/resources/blog/safeguard-research-sbom-quality-across-ecosystems-report https://safeguard.sh/resources/blog/safeguard-research-sbom-quality-across-ecosystems-report Thu, 26 Feb 2026 09:00:00 GMT Research hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs GPT-5: Enterprise Controls]]> https://safeguard.sh/resources/blog/griffin-ai-vs-gpt-5-enterprise-controls https://safeguard.sh/resources/blog/griffin-ai-vs-gpt-5-enterprise-controls Wed, 25 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Why Engine-Plus-LLM Beats Pure-LLM: Griffin vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-engine-plus-llm-advantage https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-engine-plus-llm-advantage Wed, 25 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Task-Routed LLM Architectures For Security]]> https://safeguard.sh/resources/blog/task-routed-llm-architectures-for-security https://safeguard.sh/resources/blog/task-routed-llm-architectures-for-security Wed, 25 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Windsurf vs Sourcegraph Cody: Security Comparison]]> https://safeguard.sh/resources/blog/windsurf-cody-security-comparison https://safeguard.sh/resources/blog/windsurf-cody-security-comparison Wed, 25 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Microsoft Midnight Blizzard Source Code Theft 2024]]> https://safeguard.sh/resources/blog/microsoft-midnight-blizzard-source-code-theft-2024 https://safeguard.sh/resources/blog/microsoft-midnight-blizzard-source-code-theft-2024 Wed, 25 Feb 2026 10:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[SBOMs for Firmware and IoT Devices: The Hard Problem]]> https://safeguard.sh/resources/blog/sbom-for-firmware-iot-devices https://safeguard.sh/resources/blog/sbom-for-firmware-iot-devices Wed, 25 Feb 2026 10:00:00 GMT SBOM hi@safeguard.sh (Bob) <![CDATA[Cozy Bear / Midnight Blizzard Supply Chain Tactics]]> https://safeguard.sh/resources/blog/apt-cozy-bear-midnight-blizzard-supply-chain https://safeguard.sh/resources/blog/apt-cozy-bear-midnight-blizzard-supply-chain Wed, 25 Feb 2026 09:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[DORA for Financial Services Software Supply Chain]]> https://safeguard.sh/resources/blog/dora-eu-software-supply-chain-for-financial-services https://safeguard.sh/resources/blog/dora-eu-software-supply-chain-for-financial-services Wed, 25 Feb 2026 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[CVE-2024-45519 Zimbra Unauth RCE Breakdown]]> https://safeguard.sh/resources/blog/cve-2024-45519-zimbra-unauth-rce-breakdown https://safeguard.sh/resources/blog/cve-2024-45519-zimbra-unauth-rce-breakdown Wed, 25 Feb 2026 00:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Retrieval Context Poisoning At Scale]]> https://safeguard.sh/resources/blog/frontier-model-limit-retrieval-context-poisoning https://safeguard.sh/resources/blog/frontier-model-limit-retrieval-context-poisoning Tue, 24 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Griffin AI vs Gemini Multimodal: Security]]> https://safeguard.sh/resources/blog/griffin-ai-vs-gemini-multimodal-for-security https://safeguard.sh/resources/blog/griffin-ai-vs-gemini-multimodal-for-security Tue, 24 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Federal Compliance Readiness: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-federal-compliance-readiness https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-federal-compliance-readiness Tue, 24 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Incident Response Playbook for a Compromised Dependency]]> https://safeguard.sh/resources/blog/incident-response-playbook-compromised-dependency https://safeguard.sh/resources/blog/incident-response-playbook-compromised-dependency Tue, 24 Feb 2026 10:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[AWS EKS Pod Identity vs. IRSA for Supply Chain]]> https://safeguard.sh/resources/blog/aws-eks-pod-identity-vs-irsa-supply-chain https://safeguard.sh/resources/blog/aws-eks-pod-identity-vs-irsa-supply-chain Tue, 24 Feb 2026 09:00:00 GMT Cloud Security hi@safeguard.sh (Shadab Khan) <![CDATA[Buy vs. Build a Supply Chain Security Platform]]> https://safeguard.sh/resources/blog/buy-vs-build-supply-chain-security-platform https://safeguard.sh/resources/blog/buy-vs-build-supply-chain-security-platform Tue, 24 Feb 2026 09:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[pnpm and Yarn Modern Lockfile Security]]> https://safeguard.sh/resources/blog/pnpm-yarn-modern-lockfile-security https://safeguard.sh/resources/blog/pnpm-yarn-modern-lockfile-security Tue, 24 Feb 2026 09:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[The Eval Culture Shift in AI Security]]> https://safeguard.sh/resources/blog/ai-security-trend-eval-culture-shift https://safeguard.sh/resources/blog/ai-security-trend-eval-culture-shift Mon, 23 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Dependency Upgrade Picks: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-dependency-upgrade-recommendations https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-dependency-upgrade-recommendations Mon, 23 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Gartner SRM Summit 2025 Recap]]> https://safeguard.sh/resources/blog/gartner-security-risk-management-summit-2025-recap https://safeguard.sh/resources/blog/gartner-security-risk-management-summit-2025-recap Mon, 23 Feb 2026 10:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[CVE-2024-4577 PHP CGI Argument Injection Explained]]> https://safeguard.sh/resources/blog/cve-2024-4577-php-cgi-argument-injection-explained https://safeguard.sh/resources/blog/cve-2024-4577-php-cgi-argument-injection-explained Mon, 23 Feb 2026 00:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[HIPAA Supply Chain Controls: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-hipaa-supply-chain-controls https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-hipaa-supply-chain-controls Sun, 22 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Source/Sink Classification: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-source-sink-classification https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-source-sink-classification Sun, 22 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[MCP Server Registry Security Governance]]> https://safeguard.sh/resources/blog/mcp-server-registry-security-governance https://safeguard.sh/resources/blog/mcp-server-registry-security-governance Sun, 22 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Agent-to-Agent Security in Multi-Agent Systems]]> https://safeguard.sh/resources/blog/agent-to-agent-security-multi-agent-systems https://safeguard.sh/resources/blog/agent-to-agent-security-multi-agent-systems Sun, 22 Feb 2026 10:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[FAQ: When Do You Need a Dedicated SBOM Tool?]]> https://safeguard.sh/resources/blog/faq-when-do-you-need-a-dedicated-sbom-tool https://safeguard.sh/resources/blog/faq-when-do-you-need-a-dedicated-sbom-tool Sun, 22 Feb 2026 10:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Federal Software Procurement and SBOM Requirements: A Vendor's Playbook]]> https://safeguard.sh/resources/blog/federal-software-procurement-sbom-requirements https://safeguard.sh/resources/blog/federal-software-procurement-sbom-requirements Sun, 22 Feb 2026 10:00:00 GMT Compliance hi@safeguard.sh (Yukti Singhal) <![CDATA[Multi-Arch Image Builds and Attestation Pitfalls]]> https://safeguard.sh/resources/blog/multi-arch-image-builds-attestation-pitfalls https://safeguard.sh/resources/blog/multi-arch-image-builds-attestation-pitfalls Sun, 22 Feb 2026 09:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[Model Inventory Tracking: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-model-inventory-tracking https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-model-inventory-tracking Sat, 21 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs Cursor Tab for Security Review]]> https://safeguard.sh/resources/blog/griffin-ai-vs-cursor-tab-for-security-review https://safeguard.sh/resources/blog/griffin-ai-vs-cursor-tab-for-security-review Fri, 20 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[CSRF Modern Forms: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-csrf-modern-forms https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-csrf-modern-forms Fri, 20 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Golden Dataset Design: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-golden-dataset-design https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-golden-dataset-design Fri, 20 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[KEV, EPSS, CVSS: Which Signal Should Drive Patching?]]> https://safeguard.sh/resources/blog/kev-epss-cvss-which-signal-drives-patching https://safeguard.sh/resources/blog/kev-epss-cvss-which-signal-drives-patching Fri, 20 Feb 2026 10:00:00 GMT Vulnerability Management hi@safeguard.sh (Shadab Khan) <![CDATA[Open Source Security Summit 2026: Key Takeaways]]> https://safeguard.sh/resources/blog/open-source-security-summit-2026-recap https://safeguard.sh/resources/blog/open-source-security-summit-2026-recap Fri, 20 Feb 2026 10:00:00 GMT Events hi@safeguard.sh (Shadab Khan) <![CDATA[cargo-audit and cargo-deny: A Real Workflow]]> https://safeguard.sh/resources/blog/cargo-audit-deny-advisories-workflow https://safeguard.sh/resources/blog/cargo-audit-deny-advisories-workflow Fri, 20 Feb 2026 09:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Dependabot vs. Renovate: Operational Experience]]> https://safeguard.sh/resources/blog/dependabot-vs-renovate-operational-experience https://safeguard.sh/resources/blog/dependabot-vs-renovate-operational-experience Fri, 20 Feb 2026 09:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[DPRK IT Worker Supply Chain Insider Threat]]> https://safeguard.sh/resources/blog/north-korea-it-worker-supply-chain-insider-threat https://safeguard.sh/resources/blog/north-korea-it-worker-supply-chain-insider-threat Fri, 20 Feb 2026 09:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard Partnership Strategy 2026]]> https://safeguard.sh/resources/blog/safeguard-partnership-strategy-2026 https://safeguard.sh/resources/blog/safeguard-partnership-strategy-2026 Fri, 20 Feb 2026 09:00:00 GMT Company hi@safeguard.sh (Shadab Khan) <![CDATA[Self-Healing Containers Now Generally Available]]> https://safeguard.sh/resources/blog/safeguard-self-healing-containers-general-availability https://safeguard.sh/resources/blog/safeguard-self-healing-containers-general-availability Fri, 20 Feb 2026 09:00:00 GMT Product hi@safeguard.sh (Shadab Khan) <![CDATA[TCO of SCA Platforms in 2026: What to Model]]> https://safeguard.sh/resources/blog/total-cost-of-ownership-sca-platforms-2026 https://safeguard.sh/resources/blog/total-cost-of-ownership-sca-platforms-2026 Fri, 20 Feb 2026 09:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Hugging Face Model Hub Supply Chain Risks in 2025]]> https://safeguard.sh/resources/blog/huggingface-model-hub-supply-chain-risks-2025 https://safeguard.sh/resources/blog/huggingface-model-hub-supply-chain-risks-2025 Fri, 20 Feb 2026 00:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Enterprise AI Procurement Due Diligence Checklist]]> https://safeguard.sh/resources/blog/enterprise-ai-procurement-due-diligence-checklist https://safeguard.sh/resources/blog/enterprise-ai-procurement-due-diligence-checklist Thu, 19 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Deserialization Chains: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-deserialization-chains https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-deserialization-chains Thu, 19 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Triage Backlog Reduction: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-triage-backlog-reduction https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-triage-backlog-reduction Thu, 19 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Griffin AI vs Fine-Tuned Open Weights for SecOps]]> https://safeguard.sh/resources/blog/griffin-ai-vs-open-weight-fine-tuning-for-secops https://safeguard.sh/resources/blog/griffin-ai-vs-open-weight-fine-tuning-for-secops Thu, 19 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Buy, Build, or Hybrid: Supply Chain Security in 2026]]> https://safeguard.sh/resources/blog/buy-build-hybrid-supply-chain-security-2026 https://safeguard.sh/resources/blog/buy-build-hybrid-supply-chain-security-2026 Thu, 19 Feb 2026 10:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Defense Contractor IL7 Deployment Walkthrough]]> https://safeguard.sh/resources/blog/customer-story-defense-contractor-il7-deployment https://safeguard.sh/resources/blog/customer-story-defense-contractor-il7-deployment Thu, 19 Feb 2026 10:00:00 GMT Case Studies hi@safeguard.sh (Shadab Khan) <![CDATA[Getting Started: Safeguard Kubernetes Admission]]> https://safeguard.sh/resources/blog/getting-started-safeguard-kubernetes-admission https://safeguard.sh/resources/blog/getting-started-safeguard-kubernetes-admission Thu, 19 Feb 2026 10:00:00 GMT Tutorials hi@safeguard.sh (Shadab Khan) <![CDATA[Multi-Cloud Software Supply Chain Abstractions]]> https://safeguard.sh/resources/blog/multi-cloud-software-supply-chain-abstractions https://safeguard.sh/resources/blog/multi-cloud-software-supply-chain-abstractions Thu, 19 Feb 2026 09:00:00 GMT Cloud Security hi@safeguard.sh (Shadab Khan) <![CDATA[Top 10 Riskiest Transitive Dependencies 2026]]> https://safeguard.sh/resources/blog/safeguard-research-top-10-riskiest-transitive-deps-2026 https://safeguard.sh/resources/blog/safeguard-research-top-10-riskiest-transitive-deps-2026 Thu, 19 Feb 2026 09:00:00 GMT Research hi@safeguard.sh (Shadab Khan) <![CDATA[Leakage Testing Methods For Security Benchmarks]]> https://safeguard.sh/resources/blog/ai-security-benchmark-leakage-testing-methods https://safeguard.sh/resources/blog/ai-security-benchmark-leakage-testing-methods Wed, 18 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs Claude Desktop MCP for Security]]> https://safeguard.sh/resources/blog/griffin-ai-vs-claude-desktop-mcp-integration https://safeguard.sh/resources/blog/griffin-ai-vs-claude-desktop-mcp-integration Wed, 18 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Griffin AI vs Mythos: Architecture Deep Dive]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-architecture-deep-dive https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-architecture-deep-dive Wed, 18 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[MCP Transport Layer Security Options]]> https://safeguard.sh/resources/blog/mcp-transport-layer-security-options https://safeguard.sh/resources/blog/mcp-transport-layer-security-options Wed, 18 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Multi-Modal AI Supply Chain Considerations]]> https://safeguard.sh/resources/blog/multi-modal-ai-supply-chain-considerations https://safeguard.sh/resources/blog/multi-modal-ai-supply-chain-considerations Wed, 18 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[AI-Generated Dockerfile Vulnerability Patterns]]> https://safeguard.sh/resources/blog/ai-generated-dockerfile-vulnerability-patterns https://safeguard.sh/resources/blog/ai-generated-dockerfile-vulnerability-patterns Wed, 18 Feb 2026 10:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Cloud Supply Chain Security Across AWS, Azure, and GCP]]> https://safeguard.sh/resources/blog/cloud-supply-chain-security-aws-azure-gcp https://safeguard.sh/resources/blog/cloud-supply-chain-security-aws-azure-gcp Wed, 18 Feb 2026 10:00:00 GMT Cloud Security hi@safeguard.sh (Michael) <![CDATA[npm Slopsquat: The Hallucinated Package Risk in 2026]]> https://safeguard.sh/resources/blog/npm-slopsquat-hallucinated-package-risk-2026 https://safeguard.sh/resources/blog/npm-slopsquat-hallucinated-package-risk-2026 Wed, 18 Feb 2026 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard February 2026 Release Notes]]> https://safeguard.sh/resources/blog/safeguard-changelog-february-2026 https://safeguard.sh/resources/blog/safeguard-changelog-february-2026 Wed, 18 Feb 2026 10:00:00 GMT Product hi@safeguard.sh (Shadab Khan) <![CDATA[YAML Deserialization Attacks: The Config File That Runs Code]]> https://safeguard.sh/resources/blog/yaml-deserialization-attacks https://safeguard.sh/resources/blog/yaml-deserialization-attacks Wed, 18 Feb 2026 10:00:00 GMT Application Security hi@safeguard.sh (Bob) <![CDATA[NIST SSDF Audit: What Auditors Actually Check]]> https://safeguard.sh/resources/blog/nist-ssdf-secure-software-development-framework-audit https://safeguard.sh/resources/blog/nist-ssdf-secure-software-development-framework-audit Wed, 18 Feb 2026 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs OpenAI Function Calling: Scoping]]> https://safeguard.sh/resources/blog/griffin-ai-vs-openai-function-calling-scoping https://safeguard.sh/resources/blog/griffin-ai-vs-openai-function-calling-scoping Tue, 17 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[LLM Selection Cost-Quality Tradeoff For Security]]> https://safeguard.sh/resources/blog/llm-selection-cost-quality-tradeoff-security https://safeguard.sh/resources/blog/llm-selection-cost-quality-tradeoff-security Tue, 17 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Black Basta Ransomware Leak Lessons Learned]]> https://safeguard.sh/resources/blog/blackbasta-ransomware-leak-lessons-learned https://safeguard.sh/resources/blog/blackbasta-ransomware-leak-lessons-learned Tue, 17 Feb 2026 09:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[NuGet Package Signing Status in 2026]]> https://safeguard.sh/resources/blog/nuget-package-signing-microsoft-2026 https://safeguard.sh/resources/blog/nuget-package-signing-microsoft-2026 Tue, 17 Feb 2026 09:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Unbounded Output Space And Security Contracts]]> https://safeguard.sh/resources/blog/frontier-model-limit-unbounded-output-space https://safeguard.sh/resources/blog/frontier-model-limit-unbounded-output-space Mon, 16 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Bring-Your-Own-Model: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-bring-your-own-model https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-bring-your-own-model Mon, 16 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs Vertex AI Safety for Enterprise]]> https://safeguard.sh/resources/blog/griffin-ai-vs-vertex-ai-safety-for-enterprise https://safeguard.sh/resources/blog/griffin-ai-vs-vertex-ai-safety-for-enterprise Mon, 16 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[FAQ: How Much Does Supply Chain Security Cost?]]> https://safeguard.sh/resources/blog/faq-how-much-does-supply-chain-security-cost-2026 https://safeguard.sh/resources/blog/faq-how-much-does-supply-chain-security-cost-2026 Mon, 16 Feb 2026 10:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[KubeCon NA 2025: Supply Chain Security Themes]]> https://safeguard.sh/resources/blog/kubecon-na-2025-supply-chain-security-themes https://safeguard.sh/resources/blog/kubecon-na-2025-supply-chain-security-themes Mon, 16 Feb 2026 10:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Board-Level Supply Chain Security Reporting]]> https://safeguard.sh/resources/blog/board-level-supply-chain-security-reporting https://safeguard.sh/resources/blog/board-level-supply-chain-security-reporting Mon, 16 Feb 2026 09:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[K8s RBAC Blast Radius in Supply Chain Attacks]]> https://safeguard.sh/resources/blog/kubernetes-rbac-blast-radius-supply-chain https://safeguard.sh/resources/blog/kubernetes-rbac-blast-radius-supply-chain Mon, 16 Feb 2026 09:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[EU AI Act Enforcement: Year One Review]]> https://safeguard.sh/resources/blog/ai-security-trend-eu-ai-act-enforcement-first-year https://safeguard.sh/resources/blog/ai-security-trend-eu-ai-act-enforcement-first-year Sun, 15 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Patch Minimality: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-patch-minimality https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-patch-minimality Sun, 15 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[MCP Server Rate-Limiting Patterns]]> https://safeguard.sh/resources/blog/mcp-server-rate-limiting-patterns https://safeguard.sh/resources/blog/mcp-server-rate-limiting-patterns Sun, 15 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Securing MCP Servers in the Enterprise: A Practical Guide]]> https://safeguard.sh/resources/blog/securing-mcp-servers-enterprise-guide https://safeguard.sh/resources/blog/securing-mcp-servers-enterprise-guide Sun, 15 Feb 2026 10:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[AI Models in Your Supply Chain: The Security Risks Nobody Talks About]]> https://safeguard.sh/resources/blog/ai-supply-chain-security-risks https://safeguard.sh/resources/blog/ai-supply-chain-security-risks Sun, 15 Feb 2026 00:00:00 GMT AI Security hi@safeguard.sh (Safeguard Team) <![CDATA[Framework Routing Awareness: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-framework-routing-awareness https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-framework-routing-awareness Sat, 14 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[PCI DSS 4.0 Alignment: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-pci-dss-4-alignment https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-pci-dss-4-alignment Sat, 14 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Getting Started: Safeguard GitHub Actions Gate]]> https://safeguard.sh/resources/blog/getting-started-safeguard-github-actions-gate https://safeguard.sh/resources/blog/getting-started-safeguard-github-actions-gate Sat, 14 Feb 2026 10:00:00 GMT Tutorials hi@safeguard.sh (Shadab Khan) <![CDATA[GCP Artifact Analysis API for Vulnerability Triage]]> https://safeguard.sh/resources/blog/gcp-artifact-analysis-api-vulnerability-triage https://safeguard.sh/resources/blog/gcp-artifact-analysis-api-vulnerability-triage Sat, 14 Feb 2026 09:00:00 GMT Cloud Security hi@safeguard.sh (Shadab Khan) <![CDATA[Multi-Tenant Isolation for FedRAMP HIGH]]> https://safeguard.sh/resources/blog/safeguard-multi-tenant-isolation-architecture-fedramp https://safeguard.sh/resources/blog/safeguard-multi-tenant-isolation-architecture-fedramp Sat, 14 Feb 2026 09:00:00 GMT Architecture hi@safeguard.sh (Shadab Khan) <![CDATA[Supply Chain Security KPIs for Engineering Leaders]]> https://safeguard.sh/resources/blog/supply-chain-security-kpis-for-engineering-leaders https://safeguard.sh/resources/blog/supply-chain-security-kpis-for-engineering-leaders Sat, 14 Feb 2026 09:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[SLSA Provenance Consumption: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-slsa-provenance-consumption https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-slsa-provenance-consumption Fri, 13 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Copilot Code Review Security: What It Misses]]> https://safeguard.sh/resources/blog/copilot-code-review-security-limitations https://safeguard.sh/resources/blog/copilot-code-review-security-limitations Fri, 13 Feb 2026 10:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[LockBit Takedown: What Came After]]> https://safeguard.sh/resources/blog/lockbit-operational-takedown-aftermath https://safeguard.sh/resources/blog/lockbit-operational-takedown-aftermath Fri, 13 Feb 2026 09:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard Gold Expands to 6,000+ Artifacts]]> https://safeguard.sh/resources/blog/safeguard-gold-registry-expansion-6000-artifacts https://safeguard.sh/resources/blog/safeguard-gold-registry-expansion-6000-artifacts Fri, 13 Feb 2026 09:00:00 GMT Product hi@safeguard.sh (Shadab Khan) <![CDATA[debug/chalk npm Compromise Sept 2025: Deep Dive]]> https://safeguard.sh/resources/blog/debug-chalk-npm-compromise-sept-2025 https://safeguard.sh/resources/blog/debug-chalk-npm-compromise-sept-2025 Fri, 13 Feb 2026 00:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Cursor IDE Security Model: What Enterprises Need to Know]]> https://safeguard.sh/resources/blog/cursor-ide-security-model-2026 https://safeguard.sh/resources/blog/cursor-ide-security-model-2026 Thu, 12 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Regression Gates: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-regression-gates https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-regression-gates Thu, 12 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[XSS Variants: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-xss-variants https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-xss-variants Thu, 12 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs Reka Multimodal for Security]]> https://safeguard.sh/resources/blog/griffin-ai-vs-reka-multimodal-security-use https://safeguard.sh/resources/blog/griffin-ai-vs-reka-multimodal-security-use Thu, 12 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[SaaS Vendor's EU CRA Readiness Sprint]]> https://safeguard.sh/resources/blog/customer-story-saas-vendor-cra-readiness-sprint https://safeguard.sh/resources/blog/customer-story-saas-vendor-cra-readiness-sprint Thu, 12 Feb 2026 10:00:00 GMT Case Studies hi@safeguard.sh (Shadab Khan) <![CDATA[The End of CVSS-Only Prioritization]]> https://safeguard.sh/resources/blog/the-end-of-cvss-only-prioritization https://safeguard.sh/resources/blog/the-end-of-cvss-only-prioritization Thu, 12 Feb 2026 10:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Maven Central Sigstore Migration Status]]> https://safeguard.sh/resources/blog/maven-central-sigstore-migration-status https://safeguard.sh/resources/blog/maven-central-sigstore-migration-status Thu, 12 Feb 2026 09:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[AI Code Assistant Package Hallucination Study]]> https://safeguard.sh/resources/blog/safeguard-research-ai-code-assistant-package-hallucination-study https://safeguard.sh/resources/blog/safeguard-research-ai-code-assistant-package-hallucination-study Thu, 12 Feb 2026 09:00:00 GMT Research hi@safeguard.sh (Shadab Khan) <![CDATA[Sify Technology and US Enterprise Reach: What We're Evaluating]]> https://safeguard.sh/resources/blog/safeguard-sify-technology-us-enterprise-reach https://safeguard.sh/resources/blog/safeguard-sify-technology-us-enterprise-reach Thu, 12 Feb 2026 09:00:00 GMT Company hi@safeguard.sh (Shadab Khan) <![CDATA[Enterprise AI Incident Response Playbooks]]> https://safeguard.sh/resources/blog/enterprise-ai-incident-response-playbooks https://safeguard.sh/resources/blog/enterprise-ai-incident-response-playbooks Wed, 11 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs Gemma for Lightweight Scanning]]> https://safeguard.sh/resources/blog/griffin-ai-vs-gemma-for-lightweight-scanning https://safeguard.sh/resources/blog/griffin-ai-vs-gemma-for-lightweight-scanning Wed, 11 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Engineer-Hour Savings: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-engineer-hour-savings https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-engineer-hour-savings Wed, 11 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Novel Bug Class Detection: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-novel-bug-class-detection https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-novel-bug-class-detection Wed, 11 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Container Breakout Class Vulnerabilities 2024-2025]]> https://safeguard.sh/resources/blog/container-breakout-class-vulnerabilities-2024-2025 https://safeguard.sh/resources/blog/container-breakout-class-vulnerabilities-2024-2025 Wed, 11 Feb 2026 09:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[EU Cyber Resilience Act Enforcement Timeline 2026]]> https://safeguard.sh/resources/blog/eu-cyber-resilience-act-enforcement-timeline-2026 https://safeguard.sh/resources/blog/eu-cyber-resilience-act-enforcement-timeline-2026 Wed, 11 Feb 2026 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[OpenVEX vs. CycloneDX VEX: Which to Pick]]> https://safeguard.sh/resources/blog/vex-openvex-vs-cyclonedx-vex-which-to-pick https://safeguard.sh/resources/blog/vex-openvex-vs-cyclonedx-vex-which-to-pick Wed, 11 Feb 2026 09:00:00 GMT SBOM hi@safeguard.sh (Shadab Khan) <![CDATA[VMware ESXi CVE-2024-37085 Auth Bypass by Ransomware]]> https://safeguard.sh/resources/blog/cve-2024-37085-vmware-esxi-auth-bypass https://safeguard.sh/resources/blog/cve-2024-37085-vmware-esxi-auth-bypass Wed, 11 Feb 2026 00:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Benchmark Contamination Concerns In Security Evals]]> https://safeguard.sh/resources/blog/ai-security-benchmark-contamination-concerns https://safeguard.sh/resources/blog/ai-security-benchmark-contamination-concerns Tue, 10 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Griffin AI vs Claude Agent Skills for Security]]> https://safeguard.sh/resources/blog/griffin-ai-vs-claude-agent-skills-for-security https://safeguard.sh/resources/blog/griffin-ai-vs-claude-agent-skills-for-security Tue, 10 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs Mythos: The Security Platform Comparison]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-security-platform-comparison https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-security-platform-comparison Tue, 10 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[FAQ: Building an AppSec Program From Scratch]]> https://safeguard.sh/resources/blog/faq-building-appsec-program-from-scratch-2026 https://safeguard.sh/resources/blog/faq-building-appsec-program-from-scratch-2026 Tue, 10 Feb 2026 10:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Maven Central Malicious Publishing Trends 2025]]> https://safeguard.sh/resources/blog/maven-central-malicious-publishing-trends-2025 https://safeguard.sh/resources/blog/maven-central-malicious-publishing-trends-2025 Tue, 10 Feb 2026 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Shadab Khan) <![CDATA[Azure ACR Image Signing with Notation Policy]]> https://safeguard.sh/resources/blog/azure-acr-image-signing-notation-policy https://safeguard.sh/resources/blog/azure-acr-image-signing-notation-policy Tue, 10 Feb 2026 09:00:00 GMT Cloud Security hi@safeguard.sh (Shadab Khan) <![CDATA[FIN7 Supply Chain Social Engineering (2024)]]> https://safeguard.sh/resources/blog/fin7-supply-chain-social-engineering-2024 https://safeguard.sh/resources/blog/fin7-supply-chain-social-engineering-2024 Tue, 10 Feb 2026 09:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[Reproducible Builds: Why Bother in 2026?]]> https://safeguard.sh/resources/blog/reproducible-builds-why-bother-in-2026 https://safeguard.sh/resources/blog/reproducible-builds-why-bother-in-2026 Tue, 10 Feb 2026 09:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Introducing Griffin AI v2: Context-Aware Security Intelligence]]> https://safeguard.sh/resources/blog/safeguard-griffin-ai-v2-release https://safeguard.sh/resources/blog/safeguard-griffin-ai-v2-release Tue, 10 Feb 2026 09:00:00 GMT Product hi@safeguard.sh (Yukti Singhal) <![CDATA[Griffin AI vs GPT-5: Context Grounding]]> https://safeguard.sh/resources/blog/griffin-ai-vs-gpt-5-context-grounding https://safeguard.sh/resources/blog/griffin-ai-vs-gpt-5-context-grounding Mon, 09 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Evaluating Security-Specific Reasoning Models]]> https://safeguard.sh/resources/blog/security-specific-reasoning-model-evaluation https://safeguard.sh/resources/blog/security-specific-reasoning-model-evaluation Mon, 09 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Getting Started with Safeguard MCP + ChatGPT]]> https://safeguard.sh/resources/blog/getting-started-safeguard-mcp-with-chatgpt https://safeguard.sh/resources/blog/getting-started-safeguard-mcp-with-chatgpt Mon, 09 Feb 2026 10:00:00 GMT Tutorials hi@safeguard.sh (Shadab Khan) <![CDATA[RSA Conference 2026: Supply Chain Themes]]> https://safeguard.sh/resources/blog/rsa-conference-2026-supply-chain-themes https://safeguard.sh/resources/blog/rsa-conference-2026-supply-chain-themes Mon, 09 Feb 2026 10:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Hiring Software Supply Chain Security Engineers]]> https://safeguard.sh/resources/blog/hiring-software-supply-chain-security-engineers https://safeguard.sh/resources/blog/hiring-software-supply-chain-security-engineers Mon, 09 Feb 2026 09:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[xrpl.js npm Backdoor April 2025 Incident Analysis]]> https://safeguard.sh/resources/blog/xrpl-js-npm-backdoor-april-2025 https://safeguard.sh/resources/blog/xrpl-js-npm-backdoor-april-2025 Mon, 09 Feb 2026 00:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Tool-Call Privilege Escalation In Practice]]> https://safeguard.sh/resources/blog/frontier-model-limit-tool-call-privilege-escalation https://safeguard.sh/resources/blog/frontier-model-limit-tool-call-privilege-escalation Sun, 08 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs Gemini Function Calling: Security]]> https://safeguard.sh/resources/blog/griffin-ai-vs-gemini-function-calling-for-security https://safeguard.sh/resources/blog/griffin-ai-vs-gemini-function-calling-for-security Sun, 08 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[RBAC & Scoping: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-rbac-and-scoping https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-rbac-and-scoping Sun, 08 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[MCP Server Multi-Tenant Isolation]]> https://safeguard.sh/resources/blog/mcp-server-multi-tenant-isolation https://safeguard.sh/resources/blog/mcp-server-multi-tenant-isolation Sun, 08 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[AI Model Weights: Signing, Attestation, Provenance]]> https://safeguard.sh/resources/blog/ai-model-weights-signing-attestation https://safeguard.sh/resources/blog/ai-model-weights-signing-attestation Sun, 08 Feb 2026 10:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[GitLab OIDC Token Theft: Workflow Research]]> https://safeguard.sh/resources/blog/gitlab-oidc-token-theft-workflow-research https://safeguard.sh/resources/blog/gitlab-oidc-token-theft-workflow-research Sun, 08 Feb 2026 10:00:00 GMT Emerging Technology hi@safeguard.sh (Shadab Khan) <![CDATA[SBOM Enrichment and Vulnerability Correlation: Turning Inventory into Intelligence]]> https://safeguard.sh/resources/blog/sbom-enrichment-vulnerability-correlation https://safeguard.sh/resources/blog/sbom-enrichment-vulnerability-correlation Sun, 08 Feb 2026 10:00:00 GMT SBOM hi@safeguard.sh (Alex) <![CDATA[Safeguard Policy Evaluation Engine]]> https://safeguard.sh/resources/blog/safeguard-policy-evaluation-engine-architecture https://safeguard.sh/resources/blog/safeguard-policy-evaluation-engine-architecture Sun, 08 Feb 2026 09:00:00 GMT Architecture hi@safeguard.sh (Shadab Khan) <![CDATA[AI-BOM Adoption: State of the Art in 2026]]> https://safeguard.sh/resources/blog/ai-security-trend-ai-bom-adoption-2026 https://safeguard.sh/resources/blog/ai-security-trend-ai-bom-adoption-2026 Sat, 07 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Fix Explanation Quality: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-fix-explanation-quality https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-fix-explanation-quality Sat, 07 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Go Module Checksum Database In Depth]]> https://safeguard.sh/resources/blog/go-module-checksum-database-in-depth https://safeguard.sh/resources/blog/go-module-checksum-database-in-depth Sat, 07 Feb 2026 09:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Dynamic Dispatch: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-dynamic-dispatch-handling https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-dynamic-dispatch-handling Fri, 06 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Fargate/ECS Container Supply Chain Pitfalls]]> https://safeguard.sh/resources/blog/fargate-ecs-container-supply-chain-pitfalls https://safeguard.sh/resources/blog/fargate-ecs-container-supply-chain-pitfalls Fri, 06 Feb 2026 09:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[Gamaredon Ukraine Targeting Supply Chain 2025]]> https://safeguard.sh/resources/blog/gamaredon-ukraine-targeting-supply-chain-2025 https://safeguard.sh/resources/blog/gamaredon-ukraine-targeting-supply-chain-2025 Fri, 06 Feb 2026 09:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[Lazarus Group: 3CX and Software Builds]]> https://safeguard.sh/resources/blog/lazarus-group-3cx-and-software-builds https://safeguard.sh/resources/blog/lazarus-group-3cx-and-software-builds Fri, 06 Feb 2026 09:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[Secure Defaults for Internal Developer Platforms]]> https://safeguard.sh/resources/blog/secure-defaults-for-internal-developer-platforms https://safeguard.sh/resources/blog/secure-defaults-for-internal-developer-platforms Fri, 06 Feb 2026 09:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[CUPS CVE-2024-47176: Network RCE via IPP]]> https://safeguard.sh/resources/blog/cve-2024-47176-cups-network-rce https://safeguard.sh/resources/blog/cve-2024-47176-cups-network-rce Fri, 06 Feb 2026 00:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[ISO 27001 Mapping: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-iso-27001-mapping https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-iso-27001-mapping Thu, 05 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[VEX Integration: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-vex-integration https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-vex-integration Thu, 05 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[LLM Output Filtering as a Security Control]]> https://safeguard.sh/resources/blog/llm-output-filtering-as-security-control https://safeguard.sh/resources/blog/llm-output-filtering-as-security-control Thu, 05 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Federal Agency FedRAMP Evidence Pack in 30 Days]]> https://safeguard.sh/resources/blog/customer-story-federal-agency-fedramp-evidence-pack https://safeguard.sh/resources/blog/customer-story-federal-agency-fedramp-evidence-pack Thu, 05 Feb 2026 10:00:00 GMT Case Studies hi@safeguard.sh (Shadab Khan) <![CDATA[LLM Jailbreak as a Supply Chain Risk in 2026]]> https://safeguard.sh/resources/blog/llm-jailbreak-as-supply-chain-risk-2026 https://safeguard.sh/resources/blog/llm-jailbreak-as-supply-chain-risk-2026 Thu, 05 Feb 2026 10:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[SBOM as a Product, Not a Checkbox]]> https://safeguard.sh/resources/blog/sbom-as-a-product-not-a-checkbox-2026 https://safeguard.sh/resources/blog/sbom-as-a-product-not-a-checkbox-2026 Thu, 05 Feb 2026 10:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Vulnerability Management Automation in 2026: Beyond Scanning]]> https://safeguard.sh/resources/blog/vulnerability-management-automation-2026 https://safeguard.sh/resources/blog/vulnerability-management-automation-2026 Thu, 05 Feb 2026 10:00:00 GMT Vulnerability Management hi@safeguard.sh (Michael) <![CDATA[AWS ECR Signing Policies with Notation]]> https://safeguard.sh/resources/blog/aws-ecr-signing-policies-notation https://safeguard.sh/resources/blog/aws-ecr-signing-policies-notation Thu, 05 Feb 2026 09:00:00 GMT Cloud Security hi@safeguard.sh (Shadab Khan) <![CDATA[Abandoned Dependency Risk Study]]> https://safeguard.sh/resources/blog/safeguard-research-abandoned-dependency-risk-study https://safeguard.sh/resources/blog/safeguard-research-abandoned-dependency-risk-study Thu, 05 Feb 2026 09:00:00 GMT Research hi@safeguard.sh (Shadab Khan) <![CDATA[Solana web3.js npm Backdoor: Dec 2024 Post-Mortem]]> https://safeguard.sh/resources/blog/solana-web3-js-npm-backdoor-2024 https://safeguard.sh/resources/blog/solana-web3-js-npm-backdoor-2024 Thu, 05 Feb 2026 00:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs Inflection Pi for Security Assistance]]> https://safeguard.sh/resources/blog/griffin-ai-vs-inflection-pi-for-security-assistance https://safeguard.sh/resources/blog/griffin-ai-vs-inflection-pi-for-security-assistance Wed, 04 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Path Traversal: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-path-traversal-cases https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-path-traversal-cases Wed, 04 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Refusal Rate Analysis: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-refusal-rate-analysis https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-refusal-rate-analysis Wed, 04 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[FAQ: CycloneDX vs SPDX — Which to Use?]]> https://safeguard.sh/resources/blog/faq-sbom-format-choice-cyclonedx-vs-spdx https://safeguard.sh/resources/blog/faq-sbom-format-choice-cyclonedx-vs-spdx Wed, 04 Feb 2026 10:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Getting Started with Safeguard MCP + Claude Desktop]]> https://safeguard.sh/resources/blog/getting-started-safeguard-mcp-with-claude-desktop https://safeguard.sh/resources/blog/getting-started-safeguard-mcp-with-claude-desktop Wed, 04 Feb 2026 10:00:00 GMT Tutorials hi@safeguard.sh (Shadab Khan) <![CDATA[Leaky Vessels: The runc Container Escape Class (2024)]]> https://safeguard.sh/resources/blog/leaky-vessels-runc-container-escape-class-2024 https://safeguard.sh/resources/blog/leaky-vessels-runc-container-escape-class-2024 Wed, 04 Feb 2026 10:00:00 GMT Emerging Technology hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard Lino 2.0: Multi-Jurisdiction Compliance]]> https://safeguard.sh/resources/blog/safeguard-lino-2-0-release-compliance-model https://safeguard.sh/resources/blog/safeguard-lino-2-0-release-compliance-model Wed, 04 Feb 2026 09:00:00 GMT Product hi@safeguard.sh (Shadab Khan) <![CDATA[SBOM Ingestion at Scale: An Architecture Guide]]> https://safeguard.sh/resources/blog/sbom-ingestion-at-scale-architecture https://safeguard.sh/resources/blog/sbom-ingestion-at-scale-architecture Wed, 04 Feb 2026 09:00:00 GMT SBOM hi@safeguard.sh (Shadab Khan) <![CDATA[SEC Cyber Incident Disclosure Rule: Year Two]]> https://safeguard.sh/resources/blog/sec-cybersecurity-incident-disclosure-rule-year-two https://safeguard.sh/resources/blog/sec-cybersecurity-incident-disclosure-rule-year-two Wed, 04 Feb 2026 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[State of Vulnerability Management 2026 Report]]> https://safeguard.sh/resources/blog/state-of-vulnerability-management-2026-report https://safeguard.sh/resources/blog/state-of-vulnerability-management-2026-report Wed, 04 Feb 2026 00:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Enterprise LLM Budget Management Patterns]]> https://safeguard.sh/resources/blog/enterprise-llm-budget-management-patterns https://safeguard.sh/resources/blog/enterprise-llm-budget-management-patterns Tue, 03 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Griffin AI vs DeepSeek Coder for Security Review]]> https://safeguard.sh/resources/blog/griffin-ai-vs-deepseek-coder-for-security-review https://safeguard.sh/resources/blog/griffin-ai-vs-deepseek-coder-for-security-review Tue, 03 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Exploit Path Synthesis: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-exploit-path-synthesis https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-exploit-path-synthesis Tue, 03 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Throughput At Scale: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-throughput-at-scale https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-throughput-at-scale Tue, 03 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[RAG Pipeline Supply Chain Attacks: Vector DBs and More]]> https://safeguard.sh/resources/blog/rag-pipeline-supply-chain-attacks https://safeguard.sh/resources/blog/rag-pipeline-supply-chain-attacks Tue, 03 Feb 2026 10:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Automated Zero-Day Discovery: How AI Is Changing Vulnerability Research]]> https://safeguard.sh/resources/blog/zero-day-discovery-automated-approaches https://safeguard.sh/resources/blog/zero-day-discovery-automated-approaches Tue, 03 Feb 2026 10:00:00 GMT Vulnerability Management hi@safeguard.sh (Bob) <![CDATA[OCI + CNCF Image Supply Chain: 2026 Snapshot]]> https://safeguard.sh/resources/blog/ocid-cncf-image-supply-chain-2026 https://safeguard.sh/resources/blog/ocid-cncf-image-supply-chain-2026 Tue, 03 Feb 2026 09:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[SEvenLLM Design And Coverage]]> https://safeguard.sh/resources/blog/ai-security-benchmark-sevenllm-design https://safeguard.sh/resources/blog/ai-security-benchmark-sevenllm-design Mon, 02 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Griffin AI vs Claude Haiku for Bulk Scanning]]> https://safeguard.sh/resources/blog/griffin-ai-vs-claude-haiku-for-bulk-scanning https://safeguard.sh/resources/blog/griffin-ai-vs-claude-haiku-for-bulk-scanning Mon, 02 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[DEF CON 33 Software Supply Chain Sessions Recap]]> https://safeguard.sh/resources/blog/defcon-33-recap-software-supply-chain-sessions https://safeguard.sh/resources/blog/defcon-33-recap-software-supply-chain-sessions Mon, 02 Feb 2026 10:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[PyPI mexalz Malware Campaign Deep Dive]]> https://safeguard.sh/resources/blog/pypi-mexalz-malware-campaign-deep-dive https://safeguard.sh/resources/blog/pypi-mexalz-malware-campaign-deep-dive Mon, 02 Feb 2026 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Shadab Khan) <![CDATA[Dev Container Security Posture (incl. Dotfiles)]]> https://safeguard.sh/resources/blog/dev-container-security-posture-dotfiles https://safeguard.sh/resources/blog/dev-container-security-posture-dotfiles Mon, 02 Feb 2026 09:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Measuring AppSec Program Effectiveness in 2026]]> https://safeguard.sh/resources/blog/measuring-appsec-program-effectiveness-2026 https://safeguard.sh/resources/blog/measuring-appsec-program-effectiveness-2026 Mon, 02 Feb 2026 09:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[RansomHub Ransomware and EDR Bypass (2024)]]> https://safeguard.sh/resources/blog/ransomhub-ransomware-edr-bypass-2024 https://safeguard.sh/resources/blog/ransomhub-ransomware-edr-bypass-2024 Mon, 02 Feb 2026 09:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[Rust crates.io Supply Chain Controls in 2026]]> https://safeguard.sh/resources/blog/rust-crates-io-supply-chain-controls-2026 https://safeguard.sh/resources/blog/rust-crates-io-supply-chain-controls-2026 Mon, 02 Feb 2026 09:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard Explores Partnership With Sify Technology (USA)]]> https://safeguard.sh/resources/blog/safeguard-exploring-partnership-sify-technology-usa https://safeguard.sh/resources/blog/safeguard-exploring-partnership-sify-technology-usa Mon, 02 Feb 2026 09:00:00 GMT Company hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin Agent Loop: Design Decisions]]> https://safeguard.sh/resources/blog/safeguard-griffin-agent-loop-design https://safeguard.sh/resources/blog/safeguard-griffin-agent-loop-design Mon, 02 Feb 2026 09:00:00 GMT Architecture hi@safeguard.sh (Shadab Khan) <![CDATA[Salt Typhoon Telecom Supply Chain Campaign 2024]]> https://safeguard.sh/resources/blog/salt-typhoon-telecom-supply-chain-campaign-2024 https://safeguard.sh/resources/blog/salt-typhoon-telecom-supply-chain-campaign-2024 Mon, 02 Feb 2026 09:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[SonicWall SMA 1000 CVE-2025-23006 Pre-Auth RCE]]> https://safeguard.sh/resources/blog/cve-2025-23006-sonicwall-sma-1000-rce https://safeguard.sh/resources/blog/cve-2025-23006-sonicwall-sma-1000-rce Mon, 02 Feb 2026 00:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Audit Log Completeness: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-audit-log-completeness https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-audit-log-completeness Sun, 01 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs OpenAI o1 for Security Reasoning]]> https://safeguard.sh/resources/blog/griffin-ai-vs-openai-o1-reasoning https://safeguard.sh/resources/blog/griffin-ai-vs-openai-o1-reasoning Sun, 01 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Small-Model Distillation For Security Workflows]]> https://safeguard.sh/resources/blog/small-model-distillation-for-security-workflows https://safeguard.sh/resources/blog/small-model-distillation-for-security-workflows Sun, 01 Feb 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[The Software Transparency Act of 2026: What It Means for the Industry]]> https://safeguard.sh/resources/blog/software-transparency-act-2026-analysis https://safeguard.sh/resources/blog/software-transparency-act-2026-analysis Sun, 01 Feb 2026 10:00:00 GMT Compliance hi@safeguard.sh (Alex) <![CDATA[GCP Cloud Build + Workload Identity Federation]]> https://safeguard.sh/resources/blog/gcp-cloud-build-workload-identity-federation https://safeguard.sh/resources/blog/gcp-cloud-build-workload-identity-federation Sun, 01 Feb 2026 09:00:00 GMT Cloud Security hi@safeguard.sh (Shadab Khan) <![CDATA[Ledger Connect Kit Attack: What Devs Missed]]> https://safeguard.sh/resources/blog/ledger-connect-kit-supply-chain-attack-2023 https://safeguard.sh/resources/blog/ledger-connect-kit-supply-chain-attack-2023 Sun, 01 Feb 2026 00:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Training Data Opacity As A Trust Limit]]> https://safeguard.sh/resources/blog/frontier-model-limit-training-data-opacity https://safeguard.sh/resources/blog/frontier-model-limit-training-data-opacity Sat, 31 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Griffin AI vs Gemini Long Context for Codebases]]> https://safeguard.sh/resources/blog/griffin-ai-vs-gemini-long-context-for-codebases https://safeguard.sh/resources/blog/griffin-ai-vs-gemini-long-context-for-codebases Sat, 31 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Human Review Burden: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-human-review-burden https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-human-review-burden Sat, 31 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Agent Security: Enterprise Adoption Patterns]]> https://safeguard.sh/resources/blog/ai-security-trend-agent-security-enterprise-adoption https://safeguard.sh/resources/blog/ai-security-trend-agent-security-enterprise-adoption Fri, 30 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Claude Code Coding Agent: Security Posture Review]]> https://safeguard.sh/resources/blog/claude-code-coding-agent-security-posture https://safeguard.sh/resources/blog/claude-code-coding-agent-security-posture Fri, 30 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Cross-Package Analysis: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-cross-package-analysis https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-cross-package-analysis Fri, 30 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[CISO FAQ: Software Supply Chain Security 2026]]> https://safeguard.sh/resources/blog/faq-software-supply-chain-security-for-cisos-2026 https://safeguard.sh/resources/blog/faq-software-supply-chain-security-for-cisos-2026 Fri, 30 Jan 2026 10:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Getting Started with Safeguard CLI: Your First Scan]]> https://safeguard.sh/resources/blog/getting-started-safeguard-cli-first-scan https://safeguard.sh/resources/blog/getting-started-safeguard-cli-first-scan Fri, 30 Jan 2026 10:00:00 GMT Tutorials hi@safeguard.sh (Shadab Khan) <![CDATA[Sigstore Policy Controller for K8s in Production]]> https://safeguard.sh/resources/blog/kubernetes-supply-chain-sigstore-policy-controller https://safeguard.sh/resources/blog/kubernetes-supply-chain-sigstore-policy-controller Fri, 30 Jan 2026 09:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[Scattered Spider: Identity as Supply Chain 2024-25]]> https://safeguard.sh/resources/blog/scattered-spider-identity-supply-chain-2024-2025 https://safeguard.sh/resources/blog/scattered-spider-identity-supply-chain-2024-2025 Fri, 30 Jan 2026 09:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[State of SBOM Adoption Across Industries 2026]]> https://safeguard.sh/resources/blog/state-of-sbom-adoption-across-industries-2026 https://safeguard.sh/resources/blog/state-of-sbom-adoption-across-industries-2026 Fri, 30 Jan 2026 00:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[AI-BOM Awareness: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-ai-bom-awareness https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-ai-bom-awareness Thu, 29 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[SOC 2 Type II Evidence: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-soc2-type2-evidence https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-soc2-type2-evidence Thu, 29 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[AI Model Weight Tampering Detection Techniques]]> https://safeguard.sh/resources/blog/ai-model-weight-tampering-detection-techniques https://safeguard.sh/resources/blog/ai-model-weight-tampering-detection-techniques Thu, 29 Jan 2026 10:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[FinTech Cuts CVE Noise 80% With Reachability]]> https://safeguard.sh/resources/blog/customer-story-fintech-80-percent-cve-noise-cut https://safeguard.sh/resources/blog/customer-story-fintech-80-percent-cve-noise-cut Thu, 29 Jan 2026 10:00:00 GMT Case Studies hi@safeguard.sh (Shadab Khan) <![CDATA[Sandboxing LLM Agent Code Execution: Patterns]]> https://safeguard.sh/resources/blog/llm-agent-code-execution-sandboxing https://safeguard.sh/resources/blog/llm-agent-code-execution-sandboxing Thu, 29 Jan 2026 10:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[The Case for Autonomous Remediation Now]]> https://safeguard.sh/resources/blog/the-case-for-autonomous-remediation-now https://safeguard.sh/resources/blog/the-case-for-autonomous-remediation-now Thu, 29 Jan 2026 10:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Reachability Noise Reduction: Findings]]> https://safeguard.sh/resources/blog/safeguard-research-reachability-noise-reduction-findings https://safeguard.sh/resources/blog/safeguard-research-reachability-noise-reduction-findings Thu, 29 Jan 2026 09:00:00 GMT Research hi@safeguard.sh (Shadab Khan) <![CDATA[ScreenConnect CVE-2024-57727 Path Traversal Detailed]]> https://safeguard.sh/resources/blog/cve-2024-57727-screenconnect-path-traversal https://safeguard.sh/resources/blog/cve-2024-57727-screenconnect-path-traversal Thu, 29 Jan 2026 00:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Citation Accuracy: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-citation-accuracy https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-citation-accuracy Wed, 28 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[SSRF Detection: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-ssrf-detection https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-ssrf-detection Wed, 28 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[MCP Server Capability Declaration Audit]]> https://safeguard.sh/resources/blog/mcp-server-capability-declaration-audit https://safeguard.sh/resources/blog/mcp-server-capability-declaration-audit Wed, 28 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Black Hat USA 2025: Supply Chain Security Recap]]> https://safeguard.sh/resources/blog/black-hat-usa-2025-supply-chain-security-recap https://safeguard.sh/resources/blog/black-hat-usa-2025-supply-chain-security-recap Wed, 28 Jan 2026 10:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard January 2026 Release Notes]]> https://safeguard.sh/resources/blog/safeguard-changelog-january-2026 https://safeguard.sh/resources/blog/safeguard-changelog-january-2026 Wed, 28 Jan 2026 10:00:00 GMT Product hi@safeguard.sh (Shadab Khan) <![CDATA[CISA Secure by Design Pledge: Signatories in 2026]]> https://safeguard.sh/resources/blog/cisa-secure-by-design-pledge-signatories-2026 https://safeguard.sh/resources/blog/cisa-secure-by-design-pledge-signatories-2026 Wed, 28 Jan 2026 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[FDA Premarket Cybersecurity SBOM in 2026]]> https://safeguard.sh/resources/blog/fda-premarket-cybersecurity-sbom-2026 https://safeguard.sh/resources/blog/fda-premarket-cybersecurity-sbom-2026 Wed, 28 Jan 2026 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[PyPI Trusted Publishing Common Pitfalls]]> https://safeguard.sh/resources/blog/pypi-trusted-publishing-common-pitfalls https://safeguard.sh/resources/blog/pypi-trusted-publishing-common-pitfalls Wed, 28 Jan 2026 09:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard Gold Build Pipeline: How It Works]]> https://safeguard.sh/resources/blog/safeguard-gold-build-pipeline-how-it-works https://safeguard.sh/resources/blog/safeguard-gold-build-pipeline-how-it-works Wed, 28 Jan 2026 09:00:00 GMT Architecture hi@safeguard.sh (Shadab Khan) <![CDATA[SBOM Review in Pull Request Workflows]]> https://safeguard.sh/resources/blog/sbom-in-pull-request-workflows-practical https://safeguard.sh/resources/blog/sbom-in-pull-request-workflows-practical Wed, 28 Jan 2026 09:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Rspack npm Account Takeover: 2024 Incident Analysis]]> https://safeguard.sh/resources/blog/rspack-npm-account-takeover-2024 https://safeguard.sh/resources/blog/rspack-npm-account-takeover-2024 Wed, 28 Jan 2026 00:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs AI21 Jurassic for Security Workflows]]> https://safeguard.sh/resources/blog/griffin-ai-vs-ai21-jurassic-security-workflows https://safeguard.sh/resources/blog/griffin-ai-vs-ai21-jurassic-security-workflows Tue, 27 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Cache Hit Optimisation: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-cache-hit-optimisation https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-cache-hit-optimisation Tue, 27 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Azure DevOps Supply Chain Hardening Guide]]> https://safeguard.sh/resources/blog/azure-devops-supply-chain-hardening-guide https://safeguard.sh/resources/blog/azure-devops-supply-chain-hardening-guide Tue, 27 Jan 2026 09:00:00 GMT Cloud Security hi@safeguard.sh (Shadab Khan) <![CDATA[Enterprise RAG Security Rollout Antipatterns]]> https://safeguard.sh/resources/blog/enterprise-rag-security-rollout-antipatterns https://safeguard.sh/resources/blog/enterprise-rag-security-rollout-antipatterns Mon, 26 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[CWE Classification Accuracy: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-cwe-classification-accuracy https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-cwe-classification-accuracy Mon, 26 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Griffin AI vs Qwen for Code Security]]> https://safeguard.sh/resources/blog/griffin-ai-vs-qwen-for-code-security https://safeguard.sh/resources/blog/griffin-ai-vs-qwen-for-code-security Mon, 26 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Cilium Tetragon Runtime Security with eBPF]]> https://safeguard.sh/resources/blog/cilium-tetragon-runtime-security-ebpf https://safeguard.sh/resources/blog/cilium-tetragon-runtime-security-ebpf Mon, 26 Jan 2026 09:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[Build a Software Supply Chain Program in 90 Days]]> https://safeguard.sh/resources/blog/how-to-build-a-software-supply-chain-program-90-days https://safeguard.sh/resources/blog/how-to-build-a-software-supply-chain-program-90-days Mon, 26 Jan 2026 09:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[SecBench Methodology Reviewed]]> https://safeguard.sh/resources/blog/ai-security-benchmark-secbench-methodology https://safeguard.sh/resources/blog/ai-security-benchmark-secbench-methodology Sun, 25 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs Claude Sonnet for Remediation]]> https://safeguard.sh/resources/blog/griffin-ai-vs-claude-sonnet-for-remediation https://safeguard.sh/resources/blog/griffin-ai-vs-claude-sonnet-for-remediation Sun, 25 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Data Residency Controls: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-data-residency-controls https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-data-residency-controls Sun, 25 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[CISA SBOM Mandate Enforcement Begins: What Federal Contractors Need to Know]]> https://safeguard.sh/resources/blog/cisa-sbom-mandate-enforcement-begins https://safeguard.sh/resources/blog/cisa-sbom-mandate-enforcement-begins Sun, 25 Jan 2026 10:00:00 GMT Compliance hi@safeguard.sh (Bob) <![CDATA[Getting Started with Safeguard IDE Extension (VS Code)]]> https://safeguard.sh/resources/blog/getting-started-safeguard-ide-extension-vscode https://safeguard.sh/resources/blog/getting-started-safeguard-ide-extension-vscode Sun, 25 Jan 2026 10:00:00 GMT Tutorials hi@safeguard.sh (Shadab Khan) <![CDATA[Windows LDAP LSASS CVE-2024-49113 (LDAPNightmare)]]> https://safeguard.sh/resources/blog/cve-2024-49113-windows-ldap-lsass-rce https://safeguard.sh/resources/blog/cve-2024-49113-windows-ldap-lsass-rce Sun, 25 Jan 2026 00:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[State of Software Supply Chain Security 2026]]> https://safeguard.sh/resources/blog/state-of-software-supply-chain-security-2026 https://safeguard.sh/resources/blog/state-of-software-supply-chain-security-2026 Sun, 25 Jan 2026 00:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Domain-Adapted LLMs For Vulnerability Detection in 2026]]> https://safeguard.sh/resources/blog/domain-adapted-llm-vulnerability-detection-2026 https://safeguard.sh/resources/blog/domain-adapted-llm-vulnerability-detection-2026 Sat, 24 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs GPT-4o: Security Limits Exposed]]> https://safeguard.sh/resources/blog/griffin-ai-vs-gpt-4o-security-limits https://safeguard.sh/resources/blog/griffin-ai-vs-gpt-4o-security-limits Sat, 24 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Regression Testing on Fixes: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-regression-testing-on-fixes https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-regression-testing-on-fixes Sat, 24 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Prompt Injection as a Supply Chain Risk in 2026]]> https://safeguard.sh/resources/blog/prompt-injection-supply-chain-risk-2026 https://safeguard.sh/resources/blog/prompt-injection-supply-chain-risk-2026 Sat, 24 Jan 2026 10:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[GitHub Actions: SHA-Pin Tags or Get Burned]]> https://safeguard.sh/resources/blog/github-actions-pinning-sha-vs-tag https://safeguard.sh/resources/blog/github-actions-pinning-sha-vs-tag Sat, 24 Jan 2026 09:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard Eagle 3.0 Release: Classifier Update]]> https://safeguard.sh/resources/blog/safeguard-eagle-3-0-release-malware-classifier https://safeguard.sh/resources/blog/safeguard-eagle-3-0-release-malware-classifier Sat, 24 Jan 2026 09:00:00 GMT Product hi@safeguard.sh (Shadab Khan) <![CDATA[Instruction/Data Conflation: Why Prompt Injection Persists]]> https://safeguard.sh/resources/blog/frontier-model-limit-instruction-data-conflation https://safeguard.sh/resources/blog/frontier-model-limit-instruction-data-conflation Fri, 23 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs Gemini Code Assist: Security]]> https://safeguard.sh/resources/blog/griffin-ai-vs-gemini-code-assist-for-security https://safeguard.sh/resources/blog/griffin-ai-vs-gemini-code-assist-for-security Fri, 23 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[SPDX Coverage: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-spdx-coverage https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-spdx-coverage Fri, 23 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Clop/Cl0p Supply Chain Exploitation Patterns]]> https://safeguard.sh/resources/blog/clop-cl0p-supply-chain-exploitation-patterns https://safeguard.sh/resources/blog/clop-cl0p-supply-chain-exploitation-patterns Fri, 23 Jan 2026 09:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard Knowledge Graph Architecture]]> https://safeguard.sh/resources/blog/safeguard-knowledge-graph-architecture-deep-dive https://safeguard.sh/resources/blog/safeguard-knowledge-graph-architecture-deep-dive Fri, 23 Jan 2026 09:00:00 GMT Architecture hi@safeguard.sh (Shadab Khan) <![CDATA[Polyfill.io CDN Supply Chain Attack: 100K+ Sites]]> https://safeguard.sh/resources/blog/polyfill-io-cdn-supply-chain-attack-june-2024 https://safeguard.sh/resources/blog/polyfill-io-cdn-supply-chain-attack-june-2024 Fri, 23 Jan 2026 00:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[MCP Ecosystem Maturation: Where It's Going]]> https://safeguard.sh/resources/blog/ai-security-trend-mcp-ecosystem-maturation https://safeguard.sh/resources/blog/ai-security-trend-mcp-ecosystem-maturation Thu, 22 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[FedRAMP HIGH Posture: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-fedramp-high-posture https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-fedramp-high-posture Thu, 22 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Taint Propagation: Griffin AI vs Mythos Approaches]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-taint-propagation https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-taint-propagation Thu, 22 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[MCP Server Discovery Protocol Security]]> https://safeguard.sh/resources/blog/mcp-server-discovery-protocol-security https://safeguard.sh/resources/blog/mcp-server-discovery-protocol-security Thu, 22 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[A Healthcare System's Self-Healing Container Rollout]]> https://safeguard.sh/resources/blog/customer-story-healthcare-system-self-healing-containers https://safeguard.sh/resources/blog/customer-story-healthcare-system-self-healing-containers Thu, 22 Jan 2026 10:00:00 GMT Case Studies hi@safeguard.sh (Shadab Khan) <![CDATA[Hugging Face Pickle Backdoor Research 2025]]> https://safeguard.sh/resources/blog/huggingface-pickle-backdoor-research-2025 https://safeguard.sh/resources/blog/huggingface-pickle-backdoor-research-2025 Thu, 22 Jan 2026 10:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Next-Generation Software Composition Analysis: Beyond Dependency Lists]]> https://safeguard.sh/resources/blog/software-composition-analysis-next-generation https://safeguard.sh/resources/blog/software-composition-analysis-next-generation Thu, 22 Jan 2026 10:00:00 GMT Application Security hi@safeguard.sh (James) <![CDATA[Why Scanning Alone Doesn't Work Anymore]]> https://safeguard.sh/resources/blog/why-scanning-alone-does-not-work-anymore-2026 https://safeguard.sh/resources/blog/why-scanning-alone-does-not-work-anymore-2026 Thu, 22 Jan 2026 10:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[AWS CodeBuild/CodePipeline Hardening in 2026]]> https://safeguard.sh/resources/blog/aws-codebuild-codepipeline-hardening-2026 https://safeguard.sh/resources/blog/aws-codebuild-codepipeline-hardening-2026 Thu, 22 Jan 2026 09:00:00 GMT Cloud Security hi@safeguard.sh (Shadab Khan) <![CDATA[Cosign for Container Signing: A Production Setup]]> https://safeguard.sh/resources/blog/container-image-signing-with-cosign-production https://safeguard.sh/resources/blog/container-image-signing-with-cosign-production Thu, 22 Jan 2026 09:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[npm Provenance Statements in Practice (2026)]]> https://safeguard.sh/resources/blog/npm-provenance-statements-practical-2026 https://safeguard.sh/resources/blog/npm-provenance-statements-practical-2026 Thu, 22 Jan 2026 09:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[OSS Malware Trends Q1 2026 (Safeguard Research)]]> https://safeguard.sh/resources/blog/safeguard-research-oss-malware-trends-q1-2026 https://safeguard.sh/resources/blog/safeguard-research-oss-malware-trends-q1-2026 Thu, 22 Jan 2026 09:00:00 GMT Research hi@safeguard.sh (Shadab Khan) <![CDATA[Tech-D Cybersecurity: A Joint Opportunity Under Review]]> https://safeguard.sh/resources/blog/safeguard-tech-d-cybersecurity-joint-opportunity https://safeguard.sh/resources/blog/safeguard-tech-d-cybersecurity-joint-opportunity Thu, 22 Jan 2026 09:00:00 GMT Company hi@safeguard.sh (Shadab Khan) <![CDATA[Adversarial Resistance: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-adversarial-resistance https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-adversarial-resistance Wed, 21 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[CISA Secure by Design Pledge: Practical Impact]]> https://safeguard.sh/resources/blog/cisa-secure-by-design-pledge-practical-impact https://safeguard.sh/resources/blog/cisa-secure-by-design-pledge-practical-impact Wed, 21 Jan 2026 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Veeam Backup CVE-2024-40711 Unauth RCE Walkthrough]]> https://safeguard.sh/resources/blog/cve-2024-40711-veeam-backup-rce https://safeguard.sh/resources/blog/cve-2024-40711-veeam-backup-rce Wed, 21 Jan 2026 00:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Deserialization Vulnerabilities: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-deserialization-vulns https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-deserialization-vulns Tue, 20 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[AI Agent Security Risks: Why Autonomous Systems Are the Next Supply Chain Frontier]]> https://safeguard.sh/resources/blog/ai-agent-security-risks-2026 https://safeguard.sh/resources/blog/ai-agent-security-risks-2026 Tue, 20 Jan 2026 10:00:00 GMT AI Security hi@safeguard.sh (James) <![CDATA[The npm 'everything' Package Attack (2024) Analyzed]]> https://safeguard.sh/resources/blog/npm-everything-package-attack-2024-analysis https://safeguard.sh/resources/blog/npm-everything-package-attack-2024-analysis Tue, 20 Jan 2026 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Shadab Khan) <![CDATA[Pre-commit Hook Security Gotchas You'll Hit]]> https://safeguard.sh/resources/blog/pre-commit-hooks-security-gotchas https://safeguard.sh/resources/blog/pre-commit-hooks-security-gotchas Tue, 20 Jan 2026 09:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[From DevOps to DevSecOps: A Practical Shift-Left Guide]]> https://safeguard.sh/resources/blog/devops-devsecops-shift-left https://safeguard.sh/resources/blog/devops-devsecops-shift-left Tue, 20 Jan 2026 00:00:00 GMT DevSecOps hi@safeguard.sh (Safeguard Team) <![CDATA[Griffin AI vs Cohere Command for SecOps]]> https://safeguard.sh/resources/blog/griffin-ai-vs-cohere-command-for-secops https://safeguard.sh/resources/blog/griffin-ai-vs-cohere-command-for-secops Mon, 19 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[The Disproof Step: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-disproof-step https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-disproof-step Mon, 19 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Model Tiering Strategy: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-model-tiering-strategy https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-model-tiering-strategy Mon, 19 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Distroless vs. Chainguard vs. Wolfi: Real Differences]]> https://safeguard.sh/resources/blog/distroless-vs-chainguard-vs-wolfi-base-images https://safeguard.sh/resources/blog/distroless-vs-chainguard-vs-wolfi-base-images Mon, 19 Jan 2026 09:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[Lottie Player npm Supply Chain Attack Explained]]> https://safeguard.sh/resources/blog/lottie-player-npm-supply-chain-attack https://safeguard.sh/resources/blog/lottie-player-npm-supply-chain-attack Mon, 19 Jan 2026 00:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[AI Safety Eval Datasets as Supply Chain]]> https://safeguard.sh/resources/blog/ai-safety-eval-datasets-supply-chain https://safeguard.sh/resources/blog/ai-safety-eval-datasets-supply-chain Sun, 18 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Enterprise AI Agent Deployment Lessons, 2026]]> https://safeguard.sh/resources/blog/enterprise-ai-agent-deployment-lessons-2026 https://safeguard.sh/resources/blog/enterprise-ai-agent-deployment-lessons-2026 Sun, 18 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Griffin AI vs Mistral Large for Remediation]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mistral-large-for-remediation https://safeguard.sh/resources/blog/griffin-ai-vs-mistral-large-for-remediation Sun, 18 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[SSO & SCIM: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-enterprise-sso-scim https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-enterprise-sso-scim Sun, 18 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[The MCP Threat Model: What Actually Matters in 2026]]> https://safeguard.sh/resources/blog/model-context-protocol-threat-model-2026 https://safeguard.sh/resources/blog/model-context-protocol-threat-model-2026 Sun, 18 Jan 2026 10:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Inside Safeguard's Reachability Engine]]> https://safeguard.sh/resources/blog/inside-safeguard-reachability-engine-architecture https://safeguard.sh/resources/blog/inside-safeguard-reachability-engine-architecture Sun, 18 Jan 2026 09:00:00 GMT Architecture hi@safeguard.sh (Shadab Khan) <![CDATA[SWE-Bench With Security Extensions: Field Review]]> https://safeguard.sh/resources/blog/ai-security-benchmark-swe-bench-security-extensions https://safeguard.sh/resources/blog/ai-security-benchmark-swe-bench-security-extensions Sat, 17 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Griffin AI vs Claude Opus for Triage]]> https://safeguard.sh/resources/blog/griffin-ai-vs-claude-opus-for-triage https://safeguard.sh/resources/blog/griffin-ai-vs-claude-opus-for-triage Sat, 17 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Auto-Fix Compile Rates: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-auto-fix-compile-rates https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-auto-fix-compile-rates Sat, 17 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[WinRAR CVE-2025-0411 Mark-of-the-Web Bypass]]> https://safeguard.sh/resources/blog/cve-2025-0411-winrar-mark-of-the-web-bypass https://safeguard.sh/resources/blog/cve-2025-0411-winrar-mark-of-the-web-bypass Sat, 17 Jan 2026 00:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Fine-Tuning Security LLMs vs Grounding: Which Wins]]> https://safeguard.sh/resources/blog/fine-tuning-security-llm-vs-grounding-approach https://safeguard.sh/resources/blog/fine-tuning-security-llm-vs-grounding-approach Fri, 16 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[EU CRA Readiness: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-eu-cra-readiness https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-eu-cra-readiness Fri, 16 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Griffin AI vs OpenAI Codex for Security]]> https://safeguard.sh/resources/blog/griffin-ai-vs-openai-codex-security https://safeguard.sh/resources/blog/griffin-ai-vs-openai-codex-security Fri, 16 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Secrets Management in CI Pipelines: 2026 Guide]]> https://safeguard.sh/resources/blog/secrets-management-in-ci-pipelines-2026 https://safeguard.sh/resources/blog/secrets-management-in-ci-pipelines-2026 Fri, 16 Jan 2026 09:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Anthropic MCP Security Model: A Deep Dive]]> https://safeguard.sh/resources/blog/anthropic-mcp-security-model-deep-dive https://safeguard.sh/resources/blog/anthropic-mcp-security-model-deep-dive Thu, 15 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Context Window As A Security Limit]]> https://safeguard.sh/resources/blog/frontier-model-limit-context-window-security https://safeguard.sh/resources/blog/frontier-model-limit-context-window-security Thu, 15 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Griffin AI vs Gemini Ultra for Security Reasoning]]> https://safeguard.sh/resources/blog/griffin-ai-vs-gemini-ultra-reasoning https://safeguard.sh/resources/blog/griffin-ai-vs-gemini-ultra-reasoning Thu, 15 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[CycloneDX Support: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-cyclonedx-support https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-cyclonedx-support Thu, 15 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[How a Fortune 500 Bank Ran Its SBOM Program]]> https://safeguard.sh/resources/blog/customer-story-fortune-500-bank-sbom-program-2026 https://safeguard.sh/resources/blog/customer-story-fortune-500-bank-sbom-program-2026 Thu, 15 Jan 2026 10:00:00 GMT Case Studies hi@safeguard.sh (Shadab Khan) <![CDATA[5 Software Supply Chain Security Trends Defining 2026]]> https://safeguard.sh/resources/blog/supply-chain-security-trends-2026 https://safeguard.sh/resources/blog/supply-chain-security-trends-2026 Thu, 15 Jan 2026 10:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Training Data Provenance: The Regulatory Wave]]> https://safeguard.sh/resources/blog/ai-security-trend-training-data-provenance-regulation https://safeguard.sh/resources/blog/ai-security-trend-training-data-provenance-regulation Wed, 14 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Call Graph Depth Compared: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-call-graph-depth https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-call-graph-depth Wed, 14 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[EO 14028 Two Years In: What Actually Shipped]]> https://safeguard.sh/resources/blog/eo-14028-two-years-in-what-shipped https://safeguard.sh/resources/blog/eo-14028-two-years-in-what-shipped Wed, 14 Jan 2026 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[tj-actions/changed-files Compromise: What Happened]]> https://safeguard.sh/resources/blog/tj-actions-changed-files-compromise-march-2025 https://safeguard.sh/resources/blog/tj-actions-changed-files-compromise-march-2025 Wed, 14 Jan 2026 00:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Eval Methodology: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-eval-methodology https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-eval-methodology Tue, 13 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[SQL Injection Chains: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-sql-injection-chains https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-sql-injection-chains Tue, 13 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[K8s Admission Controllers for Supply Chain Policy]]> https://safeguard.sh/resources/blog/kubernetes-admission-controller-supply-chain-policy https://safeguard.sh/resources/blog/kubernetes-admission-controller-supply-chain-policy Tue, 13 Jan 2026 09:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[Apache OFBiz CVE-2024-38856 Pre-Auth RCE Analysis]]> https://safeguard.sh/resources/blog/cve-2024-38856-apache-ofbiz-pre-auth-rce https://safeguard.sh/resources/blog/cve-2024-38856-apache-ofbiz-pre-auth-rce Tue, 13 Jan 2026 00:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Hypothesis Quality: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-hypothesis-quality https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-hypothesis-quality Mon, 12 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Zero-Knowledge Proofs for Supply Chain Attestation]]> https://safeguard.sh/resources/blog/zero-knowledge-proofs-supply-chain-attestation https://safeguard.sh/resources/blog/zero-knowledge-proofs-supply-chain-attestation Mon, 12 Jan 2026 12:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Vulnerability Scanning for AI Models: A New Frontier]]> https://safeguard.sh/resources/blog/ai-model-vulnerability-scanning https://safeguard.sh/resources/blog/ai-model-vulnerability-scanning Mon, 12 Jan 2026 10:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard Q4 2025 Release Recap]]> https://safeguard.sh/resources/blog/safeguard-changelog-q4-2025-recap https://safeguard.sh/resources/blog/safeguard-changelog-q4-2025-recap Mon, 12 Jan 2026 10:00:00 GMT Product hi@safeguard.sh (Shadab Khan) <![CDATA[Securing Claude Code MCP Server Deployments]]> https://safeguard.sh/resources/blog/securing-claude-code-mcp-server-deployments https://safeguard.sh/resources/blog/securing-claude-code-mcp-server-deployments Mon, 12 Jan 2026 10:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[XML Parsing Security: XXE, Billion Laughs, and Beyond]]> https://safeguard.sh/resources/blog/xml-parsing-security-xxe-billion-laughs https://safeguard.sh/resources/blog/xml-parsing-security-xxe-billion-laughs Mon, 12 Jan 2026 10:00:00 GMT Application Security hi@safeguard.sh (James) <![CDATA[Safeguard Explores Partnership With Tech-D Cybersecurity]]> https://safeguard.sh/resources/blog/safeguard-exploring-partnership-tech-d-cybersecurity https://safeguard.sh/resources/blog/safeguard-exploring-partnership-tech-d-cybersecurity Mon, 12 Jan 2026 09:00:00 GMT Company hi@safeguard.sh (Shadab Khan) <![CDATA[Air-Gapped Environments: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-air-gapped-environments https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-air-gapped-environments Sun, 11 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Per-Scan Token Cost: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-per-scan-token-cost https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-per-scan-token-cost Sun, 11 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs xAI Grok for Security]]> https://safeguard.sh/resources/blog/griffin-ai-vs-xai-grok-for-security https://safeguard.sh/resources/blog/griffin-ai-vs-xai-grok-for-security Sun, 11 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Enterprise AI Security Rollout: The Governance Gap]]> https://safeguard.sh/resources/blog/enterprise-ai-security-rollout-governance-gap https://safeguard.sh/resources/blog/enterprise-ai-security-rollout-governance-gap Sat, 10 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs Llama 3 for Security Workflows]]> https://safeguard.sh/resources/blog/griffin-ai-vs-llama-3-for-security https://safeguard.sh/resources/blog/griffin-ai-vs-llama-3-for-security Sat, 10 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Remediation PR Quality: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-remediation-pr-quality https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-remediation-pr-quality Sat, 10 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[The State of SBOM Adoption in 2026: Progress, Gaps, and Reality]]> https://safeguard.sh/resources/blog/state-of-sbom-adoption-2026 https://safeguard.sh/resources/blog/state-of-sbom-adoption-2026 Sat, 10 Jan 2026 10:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Safeguard Griffin 3.0 GA: What's New]]> https://safeguard.sh/resources/blog/safeguard-griffin-3-0-ga-release-announcement https://safeguard.sh/resources/blog/safeguard-griffin-3-0-ga-release-announcement Sat, 10 Jan 2026 09:00:00 GMT Product hi@safeguard.sh (Shadab Khan) <![CDATA[CyberSecEval Reviewed: What It Measures]]> https://safeguard.sh/resources/blog/ai-security-benchmark-cybersecevval-review https://safeguard.sh/resources/blog/ai-security-benchmark-cybersecevval-review Fri, 09 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[SSDF Attestation: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-ssdf-attestation https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-ssdf-attestation Fri, 09 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs Raw Claude for Security Workflow]]> https://safeguard.sh/resources/blog/griffin-ai-vs-raw-claude-security-workflow https://safeguard.sh/resources/blog/griffin-ai-vs-raw-claude-security-workflow Fri, 09 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Windows MSHTML Spoofing CVE-2024-43573 Explained]]> https://safeguard.sh/resources/blog/cve-2024-43573-windows-mshtml-spoofing https://safeguard.sh/resources/blog/cve-2024-43573-windows-mshtml-spoofing Fri, 09 Jan 2026 00:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Ultralytics PyPI Compromise: Dec 2024 Post-Mortem]]> https://safeguard.sh/resources/blog/ultralytics-pypi-compromise-december-2024 https://safeguard.sh/resources/blog/ultralytics-pypi-compromise-december-2024 Fri, 09 Jan 2026 00:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[AI Agent Tool-Scope Enforcement Patterns]]> https://safeguard.sh/resources/blog/ai-agent-tool-scope-enforcement-patterns https://safeguard.sh/resources/blog/ai-agent-tool-scope-enforcement-patterns Thu, 08 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs Pure GPT-5 for Security Workflows]]> https://safeguard.sh/resources/blog/griffin-ai-vs-gpt-5-security-workflow https://safeguard.sh/resources/blog/griffin-ai-vs-gpt-5-security-workflow Thu, 08 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Reachability Analysis: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-reachability-analysis https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-reachability-analysis Thu, 08 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Specialised Security LLM vs Frontier Model: The Choice]]> https://safeguard.sh/resources/blog/specialised-security-llm-vs-frontier-model-choice https://safeguard.sh/resources/blog/specialised-security-llm-vs-frontier-model-choice Thu, 08 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Frontier Model Non-Determinism As A Security Limit]]> https://safeguard.sh/resources/blog/frontier-model-limit-non-determinism https://safeguard.sh/resources/blog/frontier-model-limit-non-determinism Wed, 07 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI vs Gemini Pro for Security Workflow]]> https://safeguard.sh/resources/blog/griffin-ai-vs-gemini-pro-security-workflow https://safeguard.sh/resources/blog/griffin-ai-vs-gemini-pro-security-workflow Wed, 07 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[SBOM Ingestion: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-sbom-ingestion https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-sbom-ingestion Wed, 07 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Prompt Injection At Scale: 2026 Trend Review]]> https://safeguard.sh/resources/blog/ai-security-trend-prompt-injection-at-scale-2026 https://safeguard.sh/resources/blog/ai-security-trend-prompt-injection-at-scale-2026 Tue, 06 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Published Benchmarks: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-published-benchmarks https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-published-benchmarks Tue, 06 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[AI Code-Generation Audit Trail Patterns]]> https://safeguard.sh/resources/blog/ai-code-generation-audit-trail-patterns https://safeguard.sh/resources/blog/ai-code-generation-audit-trail-patterns Mon, 05 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Zero-Day Discovery Pipelines: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-zero-day-pipeline https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-zero-day-pipeline Mon, 05 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard Q3 2025 Release Recap]]> https://safeguard.sh/resources/blog/safeguard-changelog-q3-2025-recap https://safeguard.sh/resources/blog/safeguard-changelog-q3-2025-recap Mon, 05 Jan 2026 10:00:00 GMT Product hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard v5: One Year In — What We Built, What We Learned]]> https://safeguard.sh/resources/blog/safeguard-v5-one-year-anniversary https://safeguard.sh/resources/blog/safeguard-v5-one-year-anniversary Mon, 05 Jan 2026 09:00:00 GMT Product hi@safeguard.sh (Yukti Singhal) <![CDATA[Apache Struts CVE-2024-53677: The Path Traversal RCE]]> https://safeguard.sh/resources/blog/cve-2024-53677-apache-struts-rce-deep-dive https://safeguard.sh/resources/blog/cve-2024-53677-apache-struts-rce-deep-dive Mon, 05 Jan 2026 00:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Open Source Risk Management: Beyond Vulnerability Scanning]]> https://safeguard.sh/resources/blog/open-source-risk-management https://safeguard.sh/resources/blog/open-source-risk-management Mon, 05 Jan 2026 00:00:00 GMT Open Source hi@safeguard.sh (Safeguard Team) <![CDATA[On-Prem Deployment: Griffin AI vs Mythos]]> https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-on-premises-deployment https://safeguard.sh/resources/blog/griffin-ai-vs-mythos-on-premises-deployment Sun, 04 Jan 2026 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Homomorphic Encryption in Software Supply Chains]]> https://safeguard.sh/resources/blog/homomorphic-encryption-software-supply-chain-use https://safeguard.sh/resources/blog/homomorphic-encryption-software-supply-chain-use Mon, 22 Dec 2025 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[10 Predictions for Software Supply Chain Security in 2026]]> https://safeguard.sh/resources/blog/predictions-software-security-2026 https://safeguard.sh/resources/blog/predictions-software-security-2026 Mon, 22 Dec 2025 10:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[SBOM Compliance in 2025: Tracking Global Mandates and Deadlines]]> https://safeguard.sh/resources/blog/sbom-compliance-global-mandate-tracker https://safeguard.sh/resources/blog/sbom-compliance-global-mandate-tracker Sat, 20 Dec 2025 10:00:00 GMT Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[AI Tool Confused-Deputy: A Deep Dive]]> https://safeguard.sh/resources/blog/ai-tool-confused-deputy-deep-dive https://safeguard.sh/resources/blog/ai-tool-confused-deputy-deep-dive Mon, 15 Dec 2025 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[The 2025 Software Supply Chain Security Report: Summary]]> https://safeguard.sh/resources/blog/annual-sscs-report-summary-2025 https://safeguard.sh/resources/blog/annual-sscs-report-summary-2025 Mon, 15 Dec 2025 12:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Software Supply Chain Security in 2025: The Year in Review]]> https://safeguard.sh/resources/blog/software-supply-chain-security-2025-year-review https://safeguard.sh/resources/blog/software-supply-chain-security-2025-year-review Mon, 15 Dec 2025 10:00:00 GMT Industry Analysis hi@safeguard.sh (Yukti Singhal) <![CDATA[The Secure Software Development Lifecycle in 2025: What Actually Changed]]> https://safeguard.sh/resources/blog/secure-software-development-lifecycle-2025 https://safeguard.sh/resources/blog/secure-software-development-lifecycle-2025 Mon, 08 Dec 2025 09:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Prompt Injection Detection in Retrieval Systems]]> https://safeguard.sh/resources/blog/prompt-injection-detection-retrieval-systems https://safeguard.sh/resources/blog/prompt-injection-detection-retrieval-systems Tue, 02 Dec 2025 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[The ROI of Vulnerability Remediation Automation: Numbers That Justify the Investment]]> https://safeguard.sh/resources/blog/vulnerability-remediation-automation-roi https://safeguard.sh/resources/blog/vulnerability-remediation-automation-roi Mon, 01 Dec 2025 10:00:00 GMT Vulnerability Management hi@safeguard.sh (Michael) <![CDATA[A Practical Kubernetes Operator Security Checklist]]> https://safeguard.sh/resources/blog/kubernetes-operator-security-checklist https://safeguard.sh/resources/blog/kubernetes-operator-security-checklist Fri, 28 Nov 2025 12:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[AI Model Watermarking and Provenance]]> https://safeguard.sh/resources/blog/ai-model-watermarking-provenance-techniques https://safeguard.sh/resources/blog/ai-model-watermarking-provenance-techniques Tue, 25 Nov 2025 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard CLI v5: Faster, Smarter, More Extensible]]> https://safeguard.sh/resources/blog/safeguard-cli-v5-release https://safeguard.sh/resources/blog/safeguard-cli-v5-release Tue, 25 Nov 2025 09:00:00 GMT Product Launch hi@safeguard.sh (Yukti Singhal) <![CDATA[Software Supply Chain Security for Regulated Industries]]> https://safeguard.sh/resources/blog/supply-chain-security-for-regulated-industries https://safeguard.sh/resources/blog/supply-chain-security-for-regulated-industries Thu, 20 Nov 2025 10:00:00 GMT Compliance hi@safeguard.sh (Alex) <![CDATA[Training Data Provenance for Enterprise Fine-Tuning]]> https://safeguard.sh/resources/blog/training-data-provenance-enterprise-fine-tuning https://safeguard.sh/resources/blog/training-data-provenance-enterprise-fine-tuning Tue, 18 Nov 2025 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[npm Provenance: Adoption Tracking in Late 2025]]> https://safeguard.sh/resources/blog/npm-provenance-adoption-tracking-late-2025 https://safeguard.sh/resources/blog/npm-provenance-adoption-tracking-late-2025 Wed, 12 Nov 2025 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[AI-Generated SBOMs: How Accurate Are They?]]> https://safeguard.sh/resources/blog/ai-generated-sboms-accuracy-assessment https://safeguard.sh/resources/blog/ai-generated-sboms-accuracy-assessment Wed, 12 Nov 2025 10:00:00 GMT SBOM hi@safeguard.sh (James) <![CDATA[Automating Open Source License Compliance: From Manual Audits to Continuous Enforcement]]> https://safeguard.sh/resources/blog/open-source-license-compliance-automation https://safeguard.sh/resources/blog/open-source-license-compliance-automation Sat, 08 Nov 2025 10:00:00 GMT Compliance hi@safeguard.sh (Michael) <![CDATA[WebAssembly WASI Security Model in 2025]]> https://safeguard.sh/resources/blog/webassembly-wasi-security-model-2025 https://safeguard.sh/resources/blog/webassembly-wasi-security-model-2025 Wed, 05 Nov 2025 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Software Provenance: An End-to-End Guide]]> https://safeguard.sh/resources/blog/software-provenance-end-to-end-guide https://safeguard.sh/resources/blog/software-provenance-end-to-end-guide Wed, 05 Nov 2025 10:00:00 GMT Build Security hi@safeguard.sh (Shadab Khan) <![CDATA[The Complete Guide to Dependency Lifecycle Management]]> https://safeguard.sh/resources/blog/dependency-lifecycle-management-guide https://safeguard.sh/resources/blog/dependency-lifecycle-management-guide Thu, 30 Oct 2025 10:00:00 GMT Best Practices hi@safeguard.sh (Bob) <![CDATA[DHS Software Assurance Guidance: A Review]]> https://safeguard.sh/resources/blog/dhs-software-assurance-guidance-2025 https://safeguard.sh/resources/blog/dhs-software-assurance-guidance-2025 Tue, 28 Oct 2025 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Open Source Vulnerability Databases Compared: NVD, OSV, GitHub Advisory, and More]]> https://safeguard.sh/resources/blog/open-source-vulnerability-database-comparison https://safeguard.sh/resources/blog/open-source-vulnerability-database-comparison Wed, 22 Oct 2025 10:00:00 GMT Vulnerability Management hi@safeguard.sh (Nayan Dey) <![CDATA[RAG Poisoning: Defenses That Work]]> https://safeguard.sh/resources/blog/retrieval-augmented-generation-poisoning-defenses https://safeguard.sh/resources/blog/retrieval-augmented-generation-poisoning-defenses Mon, 20 Oct 2025 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Embedding Model Supply Chain Risks]]> https://safeguard.sh/resources/blog/embedding-model-supply-chain-risks https://safeguard.sh/resources/blog/embedding-model-supply-chain-risks Sat, 18 Oct 2025 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[ISO 27001:2022 Transition Deadline: The Approach]]> https://safeguard.sh/resources/blog/iso-27001-2022-transition-deadline-approach https://safeguard.sh/resources/blog/iso-27001-2022-transition-deadline-approach Wed, 15 Oct 2025 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Introducing Safeguard Guardrails: Automated Policy Enforcement for Your Supply Chain]]> https://safeguard.sh/resources/blog/safeguard-guardrails-feature-release https://safeguard.sh/resources/blog/safeguard-guardrails-feature-release Wed, 15 Oct 2025 09:00:00 GMT Product Launch hi@safeguard.sh (Yukti Singhal) <![CDATA[CVSS 4.0 Scoring Adoption: What Changed]]> https://safeguard.sh/resources/blog/cvss-4-0-scoring-adoption-review https://safeguard.sh/resources/blog/cvss-4-0-scoring-adoption-review Fri, 10 Oct 2025 12:00:00 GMT Vulnerability Management hi@safeguard.sh (Nayan Dey) <![CDATA[CISA's Software Identification Ecosystem: What You Need to Know]]> https://safeguard.sh/resources/blog/cisa-software-identification-ecosystem https://safeguard.sh/resources/blog/cisa-software-identification-ecosystem Fri, 10 Oct 2025 10:00:00 GMT Compliance hi@safeguard.sh (Michael) <![CDATA[Prisma Cloud vs Wiz: Supply Chain Features]]> https://safeguard.sh/resources/blog/prisma-cloud-vs-wiz-supply-chain-features https://safeguard.sh/resources/blog/prisma-cloud-vs-wiz-supply-chain-features Thu, 02 Oct 2025 12:00:00 GMT Container Security hi@safeguard.sh (Nayan Dey) <![CDATA[Container SBOM Generation: Best Practices for 2025]]> https://safeguard.sh/resources/blog/container-sbom-generation-best-practices https://safeguard.sh/resources/blog/container-sbom-generation-best-practices Wed, 01 Oct 2025 10:00:00 GMT SBOM hi@safeguard.sh (Bob) <![CDATA[Supply Chain Attack Trends: Q3 2025]]> https://safeguard.sh/resources/blog/supply-chain-attack-trends-q3-2025 https://safeguard.sh/resources/blog/supply-chain-attack-trends-q3-2025 Thu, 25 Sep 2025 12:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Software Attestation Frameworks Compared: SLSA, in-toto, and Sigstore]]> https://safeguard.sh/resources/blog/software-attestation-framework-comparison https://safeguard.sh/resources/blog/software-attestation-framework-comparison Thu, 25 Sep 2025 10:00:00 GMT Build Security hi@safeguard.sh (James) <![CDATA[TLS Library Comparison: OpenSSL vs. LibreSSL vs. BoringSSL]]> https://safeguard.sh/resources/blog/tls-library-comparison-openssl-libressl-boringssl https://safeguard.sh/resources/blog/tls-library-comparison-openssl-libressl-boringssl Sat, 20 Sep 2025 10:00:00 GMT Secure Development hi@safeguard.sh (Nayan Dey) <![CDATA[VEX Adoption in the Enterprise: Lessons From Early Adopters]]> https://safeguard.sh/resources/blog/vex-adoption-enterprise-case-studies https://safeguard.sh/resources/blog/vex-adoption-enterprise-case-studies Thu, 18 Sep 2025 10:00:00 GMT Vulnerability Management hi@safeguard.sh (Shadab Khan) <![CDATA[AI Agent Memory: Security Risks]]> https://safeguard.sh/resources/blog/ai-agent-memory-security-risks https://safeguard.sh/resources/blog/ai-agent-memory-security-risks Mon, 15 Sep 2025 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[The HIPAA Security Rule Update and Your Supply Chain]]> https://safeguard.sh/resources/blog/hipaa-security-rule-update-supply-chain https://safeguard.sh/resources/blog/hipaa-security-rule-update-supply-chain Mon, 15 Sep 2025 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Vector DB Security Considerations]]> https://safeguard.sh/resources/blog/vector-db-security-considerations-2025 https://safeguard.sh/resources/blog/vector-db-security-considerations-2025 Wed, 10 Sep 2025 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[SBOM Interoperability: Bridging CycloneDX and SPDX]]> https://safeguard.sh/resources/blog/sbom-interoperability-cyclonedx-spdx-bridge https://safeguard.sh/resources/blog/sbom-interoperability-cyclonedx-spdx-bridge Wed, 10 Sep 2025 10:00:00 GMT SBOM hi@safeguard.sh (Alex) <![CDATA[CNAPPs in 2025: What Cloud-Native Application Protection Platforms Actually Protect]]> https://safeguard.sh/resources/blog/cloud-native-application-protection-platforms https://safeguard.sh/resources/blog/cloud-native-application-protection-platforms Fri, 05 Sep 2025 10:00:00 GMT Cloud Security hi@safeguard.sh (Alex) <![CDATA[GenAI Code Review Tools: A 2025 Field Test]]> https://safeguard.sh/resources/blog/genai-code-review-tools-field-test-2025 https://safeguard.sh/resources/blog/genai-code-review-tools-field-test-2025 Tue, 02 Sep 2025 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Supply Chain Attacks Targeting AI/ML Pipelines]]> https://safeguard.sh/resources/blog/supply-chain-attacks-targeting-ai-ml-pipelines https://safeguard.sh/resources/blog/supply-chain-attacks-targeting-ai-ml-pipelines Mon, 01 Sep 2025 10:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Open-Weight Model Sandboxing Patterns]]> https://safeguard.sh/resources/blog/open-weight-model-sandboxing-patterns https://safeguard.sh/resources/blog/open-weight-model-sandboxing-patterns Thu, 28 Aug 2025 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Safeguard Desktop App: Supply Chain Security Without the Browser Tab]]> https://safeguard.sh/resources/blog/safeguard-desktop-app-release https://safeguard.sh/resources/blog/safeguard-desktop-app-release Mon, 25 Aug 2025 09:00:00 GMT Product Launch hi@safeguard.sh (Yukti Singhal) <![CDATA[How to Add Reachability Analysis to PR Checks]]> https://safeguard.sh/resources/blog/how-to-add-reachability-analysis-to-pr-checks https://safeguard.sh/resources/blog/how-to-add-reachability-analysis-to-pr-checks Wed, 20 Aug 2025 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Runtime Threat Detection in Cloud-Native Environments]]> https://safeguard.sh/resources/blog/runtime-threat-detection-cloud-native https://safeguard.sh/resources/blog/runtime-threat-detection-cloud-native Mon, 18 Aug 2025 10:00:00 GMT Cloud Security hi@safeguard.sh (Michael) <![CDATA[EU NIS2 Directive: Enforcement at One Year]]> https://safeguard.sh/resources/blog/eu-nis2-directive-enforcement-first-year https://safeguard.sh/resources/blog/eu-nis2-directive-enforcement-first-year Fri, 15 Aug 2025 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Local LLM Deployment: Enterprise Risks]]> https://safeguard.sh/resources/blog/local-llm-deployment-enterprise-risks https://safeguard.sh/resources/blog/local-llm-deployment-enterprise-risks Tue, 12 Aug 2025 12:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[Open Source Maintainer Succession Planning: A Supply Chain Imperative]]> https://safeguard.sh/resources/blog/open-source-maintainer-succession-planning https://safeguard.sh/resources/blog/open-source-maintainer-succession-planning Sun, 10 Aug 2025 10:00:00 GMT Open Source hi@safeguard.sh (Alex) <![CDATA[Binary SBOM Analysis: Creating Software Bills of Materials Without Source Code]]> https://safeguard.sh/resources/blog/binary-sbom-analysis-reverse-engineering https://safeguard.sh/resources/blog/binary-sbom-analysis-reverse-engineering Fri, 08 Aug 2025 10:00:00 GMT SBOM hi@safeguard.sh (Bob) <![CDATA[Supply Chain Security Budget Justification]]> https://safeguard.sh/resources/blog/security-budget-justification-supply-chain-program https://safeguard.sh/resources/blog/security-budget-justification-supply-chain-program Tue, 05 Aug 2025 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[SBOM Quality Metrics: Moving Beyond Completeness]]> https://safeguard.sh/resources/blog/sbom-quality-metrics-beyond-completeness https://safeguard.sh/resources/blog/sbom-quality-metrics-beyond-completeness Fri, 01 Aug 2025 10:00:00 GMT SBOM hi@safeguard.sh (Bob) <![CDATA[Rust Memory Safety: A CVE Trend Analysis]]> https://safeguard.sh/resources/blog/rust-memory-safety-cve-trend-analysis https://safeguard.sh/resources/blog/rust-memory-safety-cve-trend-analysis Wed, 30 Jul 2025 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Reachability Analysis in 2025: Separating Exploitable Vulnerabilities from Noise]]> https://safeguard.sh/resources/blog/reachability-analysis-state-of-the-art-2025 https://safeguard.sh/resources/blog/reachability-analysis-state-of-the-art-2025 Mon, 28 Jul 2025 10:00:00 GMT Application Security hi@safeguard.sh (James) <![CDATA[Citrix Bleed 2: Analysis and Mitigation]]> https://safeguard.sh/resources/blog/citrix-bleed-2-analysis https://safeguard.sh/resources/blog/citrix-bleed-2-analysis Fri, 25 Jul 2025 12:00:00 GMT Vulnerability Management hi@safeguard.sh (Nayan Dey) <![CDATA[Securing AI Agents: MCP Protocol Risks and Mitigations]]> https://safeguard.sh/resources/blog/securing-ai-agents-mcp-protocol-risks https://safeguard.sh/resources/blog/securing-ai-agents-mcp-protocol-risks Tue, 22 Jul 2025 10:00:00 GMT AI Security hi@safeguard.sh (James) <![CDATA[Artifactory vs Nexus for Enterprise in 2025]]> https://safeguard.sh/resources/blog/artifactory-vs-nexus-enterprise-2025 https://safeguard.sh/resources/blog/artifactory-vs-nexus-enterprise-2025 Wed, 16 Jul 2025 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[The CVE Program Funding Crisis: What Happened and What It Means]]> https://safeguard.sh/resources/blog/cve-program-funding-crisis-and-resolution https://safeguard.sh/resources/blog/cve-program-funding-crisis-and-resolution Tue, 15 Jul 2025 10:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[MGM Ransomware One Year Later: A Retrospective]]> https://safeguard.sh/resources/blog/mgm-ransomware-one-year-later-retrospective https://safeguard.sh/resources/blog/mgm-ransomware-one-year-later-retrospective Fri, 11 Jul 2025 12:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Software Supply Chain Attacks: H1 2025 Report]]> https://safeguard.sh/resources/blog/software-supply-chain-attacks-h1-2025-report https://safeguard.sh/resources/blog/software-supply-chain-attacks-h1-2025-report Thu, 10 Jul 2025 10:00:00 GMT Threat Intelligence hi@safeguard.sh (Nayan Dey) <![CDATA[Compliance Reporting with Safeguard: From Raw Data to Audit-Ready Documents]]> https://safeguard.sh/resources/blog/safeguard-compliance-reporting-guide https://safeguard.sh/resources/blog/safeguard-compliance-reporting-guide Tue, 08 Jul 2025 09:00:00 GMT Compliance hi@safeguard.sh (James) <![CDATA[Introducing the Safeguard MCP Server: AI-Native Software Supply Chain Security]]> https://safeguard.sh/resources/blog/safeguard-mcp-server-release https://safeguard.sh/resources/blog/safeguard-mcp-server-release Tue, 01 Jul 2025 09:00:00 GMT Product Launch hi@safeguard.sh (Yukti Singhal) <![CDATA[Japan AMED Software Supply Chain Guidance Overview]]> https://safeguard.sh/resources/blog/japan-amed-software-supply-chain-guidance https://safeguard.sh/resources/blog/japan-amed-software-supply-chain-guidance Wed, 25 Jun 2025 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Building an Open Source Risk Intelligence Platform: Beyond Vulnerability Scanning]]> https://safeguard.sh/resources/blog/open-source-risk-intelligence-platform https://safeguard.sh/resources/blog/open-source-risk-intelligence-platform Wed, 25 Jun 2025 10:00:00 GMT Open Source Security hi@safeguard.sh (Alex) <![CDATA[Kubernetes 1.33 Security Deep Dive]]> https://safeguard.sh/resources/blog/kubernetes-1-33-security-deep-dive https://safeguard.sh/resources/blog/kubernetes-1-33-security-deep-dive Fri, 20 Jun 2025 12:00:00 GMT Container Security hi@safeguard.sh (Nayan Dey) <![CDATA[Safeguard Griffin AI: Autonomous Vulnerability Remediation That Actually Works]]> https://safeguard.sh/resources/blog/safeguard-griffin-ai-autonomous-remediation https://safeguard.sh/resources/blog/safeguard-griffin-ai-autonomous-remediation Sun, 15 Jun 2025 10:00:00 GMT Product hi@safeguard.sh (Bob) <![CDATA[Runbooks for Dependency Disclosure Events]]> https://safeguard.sh/resources/blog/runbooks-for-dependency-disclosure-events https://safeguard.sh/resources/blog/runbooks-for-dependency-disclosure-events Fri, 13 Jun 2025 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[AI SBOMs and Model Cards: Building Transparency Into the AI Supply Chain]]> https://safeguard.sh/resources/blog/ai-sbom-model-cards-transparency-2025 https://safeguard.sh/resources/blog/ai-sbom-model-cards-transparency-2025 Tue, 10 Jun 2025 10:00:00 GMT AI Security hi@safeguard.sh (James) <![CDATA[How Safeguard Auto-Fix Actually Works Under the Hood]]> https://safeguard.sh/resources/blog/safeguard-auto-fix-how-it-works https://safeguard.sh/resources/blog/safeguard-auto-fix-how-it-works Thu, 05 Jun 2025 09:00:00 GMT Product hi@safeguard.sh (Shadab Khan) <![CDATA[OWASP ASVS 5.0 Adoption Guide]]> https://safeguard.sh/resources/blog/owasp-asvs-5-0-adoption-guide https://safeguard.sh/resources/blog/owasp-asvs-5-0-adoption-guide Tue, 03 Jun 2025 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Software Supply Chain Security Maturity: Where Does Your Organization Stand?]]> https://safeguard.sh/resources/blog/software-supply-chain-maturity-assessment https://safeguard.sh/resources/blog/software-supply-chain-maturity-assessment Sun, 01 Jun 2025 10:00:00 GMT Frameworks hi@safeguard.sh (Shadab Khan) <![CDATA[Service Mesh for Supply Chain Policy Enforcement]]> https://safeguard.sh/resources/blog/service-mesh-supply-chain-policy-enforcement https://safeguard.sh/resources/blog/service-mesh-supply-chain-policy-enforcement Sat, 24 May 2025 12:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard IDE Extension v5: Security Feedback Where Developers Actually Work]]> https://safeguard.sh/resources/blog/safeguard-ide-extension-v5-deep-dive https://safeguard.sh/resources/blog/safeguard-ide-extension-v5-deep-dive Tue, 20 May 2025 10:00:00 GMT Product hi@safeguard.sh (Nayan Dey) <![CDATA[Enterprise Rails Security Audit: 2025 Field Notes]]> https://safeguard.sh/resources/blog/enterprise-ruby-on-rails-security-audit-2025 https://safeguard.sh/resources/blog/enterprise-ruby-on-rails-security-audit-2025 Fri, 16 May 2025 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Coinbase Social Engineering and Insider Threat: How Bribed Support Agents Led to a $400M Breach]]> https://safeguard.sh/resources/blog/coinbase-social-engineering-insider-threat https://safeguard.sh/resources/blog/coinbase-social-engineering-insider-threat Thu, 15 May 2025 10:00:00 GMT Breach Analysis hi@safeguard.sh (Alex) <![CDATA[Vulnerability Prioritization in 2025: EPSS, VEX, and the End of CVSS-Only Triage]]> https://safeguard.sh/resources/blog/vulnerability-prioritization-epss-vex-2025 https://safeguard.sh/resources/blog/vulnerability-prioritization-epss-vex-2025 Thu, 15 May 2025 10:00:00 GMT Vulnerability Management hi@safeguard.sh (Yukti Singhal) <![CDATA[Dior Customer Data Breach 2025: Luxury Fashion's Cybersecurity Problem]]> https://safeguard.sh/resources/blog/dior-customer-data-breach-2025 https://safeguard.sh/resources/blog/dior-customer-data-breach-2025 Mon, 12 May 2025 10:00:00 GMT Breach Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Choosing a Private Package Registry in 2025]]> https://safeguard.sh/resources/blog/choosing-a-private-package-registry-2025 https://safeguard.sh/resources/blog/choosing-a-private-package-registry-2025 Thu, 08 May 2025 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Enterprise Software Supply Chain Management with Safeguard ESSCM]]> https://safeguard.sh/resources/blog/safeguard-esscm-enterprise-guide https://safeguard.sh/resources/blog/safeguard-esscm-enterprise-guide Thu, 08 May 2025 09:00:00 GMT Product hi@safeguard.sh (Nayan Dey) <![CDATA[Container Hardening Guide 2025: From Base Image to Production]]> https://safeguard.sh/resources/blog/container-hardening-guide-2025 https://safeguard.sh/resources/blog/container-hardening-guide-2025 Mon, 05 May 2025 09:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Harrods Cyber Attack: The UK Retail Sector Under Sustained Assault]]> https://safeguard.sh/resources/blog/harrods-cyber-attack-retail-sector https://safeguard.sh/resources/blog/harrods-cyber-attack-retail-sector Thu, 01 May 2025 10:00:00 GMT Breach Analysis hi@safeguard.sh (Yukti Singhal) <![CDATA[Commvault CVE-2025-34028: SSRF to RCE in Enterprise Backup Software]]> https://safeguard.sh/resources/blog/commvault-cve-2025-34028-ssrf-rce https://safeguard.sh/resources/blog/commvault-cve-2025-34028-ssrf-rce Thu, 01 May 2025 09:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Yukti Singhal) <![CDATA[AWS Service-Linked Role Abuse Techniques, 2025]]> https://safeguard.sh/resources/blog/aws-service-linked-role-abuse-techniques https://safeguard.sh/resources/blog/aws-service-linked-role-abuse-techniques Mon, 28 Apr 2025 12:00:00 GMT Vulnerability Management hi@safeguard.sh (Shadab Khan) <![CDATA[Audio Processing Library Vulnerabilities: The Sound of Exploitation]]> https://safeguard.sh/resources/blog/audio-processing-library-vulnerabilities https://safeguard.sh/resources/blog/audio-processing-library-vulnerabilities Mon, 28 Apr 2025 10:00:00 GMT Vulnerability Research hi@safeguard.sh (Alex) <![CDATA[Nova Scotia Power Cyber Incident: When Critical Infrastructure Gets Hit]]> https://safeguard.sh/resources/blog/nova-scotia-power-cyber-incident https://safeguard.sh/resources/blog/nova-scotia-power-cyber-incident Mon, 28 Apr 2025 10:00:00 GMT Breach Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[SAP NetWeaver CVE-2025-31324: Unrestricted File Upload Zero-Day]]> https://safeguard.sh/resources/blog/sap-netweaver-cve-2025-31324-zero-day https://safeguard.sh/resources/blog/sap-netweaver-cve-2025-31324-zero-day Thu, 24 Apr 2025 09:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Michael) <![CDATA[Marks & Spencer DragonForce Ransomware Attack: Retail Giant Brought to Its Knees]]> https://safeguard.sh/resources/blog/marks-spencer-dragonforce-ransomware https://safeguard.sh/resources/blog/marks-spencer-dragonforce-ransomware Tue, 22 Apr 2025 10:00:00 GMT Breach Analysis hi@safeguard.sh (Michael) <![CDATA[DevSecOps Tools Comparison 2025: Choosing the Right Stack]]> https://safeguard.sh/resources/blog/devsecops-tools-comparison-2025 https://safeguard.sh/resources/blog/devsecops-tools-comparison-2025 Sun, 20 Apr 2025 10:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Safeguard Portal Deep Dive: Navigating the Security Dashboard]]> https://safeguard.sh/resources/blog/safeguard-portal-deep-dive https://safeguard.sh/resources/blog/safeguard-portal-deep-dive Sun, 20 Apr 2025 09:00:00 GMT Product hi@safeguard.sh (Yukti Singhal) <![CDATA[Erlang/OTP SSH CVE-2025-32433: Unauthenticated RCE Scoring 10.0]]> https://safeguard.sh/resources/blog/erlang-otp-ssh-cve-2025-32433-rce https://safeguard.sh/resources/blog/erlang-otp-ssh-cve-2025-32433-rce Wed, 16 Apr 2025 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Alex) <![CDATA[Rust Supply Chain: cargo-vet Expansion in 2025]]> https://safeguard.sh/resources/blog/rust-supply-chain-cargo-vet-expansion-2025 https://safeguard.sh/resources/blog/rust-supply-chain-cargo-vet-expansion-2025 Tue, 15 Apr 2025 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Windows NTLM Hash Disclosure CVE-2025-24054: The Protocol That Won't Die]]> https://safeguard.sh/resources/blog/windows-ntlm-hash-disclosure-cve-2025-24054 https://safeguard.sh/resources/blog/windows-ntlm-hash-disclosure-cve-2025-24054 Tue, 15 Apr 2025 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (James) <![CDATA[How to Test Your Signing Pipeline End to End]]> https://safeguard.sh/resources/blog/how-to-test-your-signing-pipeline-end-to-end https://safeguard.sh/resources/blog/how-to-test-your-signing-pipeline-end-to-end Thu, 10 Apr 2025 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Software Transparency Goes Global: Regulatory Developments in 2025]]> https://safeguard.sh/resources/blog/software-transparency-global-regulations-2025 https://safeguard.sh/resources/blog/software-transparency-global-regulations-2025 Thu, 10 Apr 2025 09:00:00 GMT Compliance hi@safeguard.sh (Yukti Singhal) <![CDATA[Bounty Program Scoping for Dependencies]]> https://safeguard.sh/resources/blog/bounty-program-scoping-for-dependencies https://safeguard.sh/resources/blog/bounty-program-scoping-for-dependencies Tue, 08 Apr 2025 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[CrushFTP CVE-2025-31161: Authentication Bypass Exploited in the Wild]]> https://safeguard.sh/resources/blog/crushftp-cve-2025-31161-authentication-bypass https://safeguard.sh/resources/blog/crushftp-cve-2025-31161-authentication-bypass Mon, 07 Apr 2025 08:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Bob) <![CDATA[MCP Server Authentication and Authorization: Securing the AI Tool Layer]]> https://safeguard.sh/resources/blog/mcp-server-authentication-authorization https://safeguard.sh/resources/blog/mcp-server-authentication-authorization Sat, 05 Apr 2025 10:00:00 GMT AI Security hi@safeguard.sh (Alex) <![CDATA[Ivanti Connect Secure CVE-2025-22457: Another Critical Zero-Day, Same Product]]> https://safeguard.sh/resources/blog/ivanti-connect-secure-cve-2025-22457 https://safeguard.sh/resources/blog/ivanti-connect-secure-cve-2025-22457 Thu, 03 Apr 2025 09:00:00 GMT Vulnerability Analysis hi@safeguard.sh (James) <![CDATA[npm Supply Chain Attacks Q1 2025: Dependency Confusion, Typosquatting, and Maintainer Takeovers]]> https://safeguard.sh/resources/blog/supply-chain-attacks-npm-2025-q1 https://safeguard.sh/resources/blog/supply-chain-attacks-npm-2025-q1 Tue, 01 Apr 2025 10:00:00 GMT Supply Chain Security hi@safeguard.sh (Alex) <![CDATA[Supply Chain Security Metrics for Executive Reporting]]> https://safeguard.sh/resources/blog/supply-chain-security-metrics-executive-reporting https://safeguard.sh/resources/blog/supply-chain-security-metrics-executive-reporting Fri, 28 Mar 2025 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[PyPI Malicious Packages 2025: Python's Growing Supply Chain Problem]]> https://safeguard.sh/resources/blog/pypi-malicious-packages-2025-report https://safeguard.sh/resources/blog/pypi-malicious-packages-2025-report Fri, 28 Mar 2025 10:00:00 GMT Supply Chain Security hi@safeguard.sh (Michael) <![CDATA[Oracle Critical Control Baseline: Regulatory Impact]]> https://safeguard.sh/resources/blog/oracle-ccb-regulatory-impact-analysis https://safeguard.sh/resources/blog/oracle-ccb-regulatory-impact-analysis Tue, 25 Mar 2025 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Chrome Zero-Day CVE-2025-2783: Sandbox Escape Used in Espionage Campaign]]> https://safeguard.sh/resources/blog/chrome-zero-day-cve-2025-2783-kaspersky https://safeguard.sh/resources/blog/chrome-zero-day-cve-2025-2783-kaspersky Tue, 25 Mar 2025 09:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Next.js Middleware Authorization Bypass: CVE-2025-29927]]> https://safeguard.sh/resources/blog/next-js-middleware-cve-2025-29927 https://safeguard.sh/resources/blog/next-js-middleware-cve-2025-29927 Fri, 21 Mar 2025 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Scattered Spider 2025: How the Most Dangerous Social Engineering Group Evolved]]> https://safeguard.sh/resources/blog/scattered-spider-2025-evolution https://safeguard.sh/resources/blog/scattered-spider-2025-evolution Thu, 20 Mar 2025 10:00:00 GMT Threat Intelligence hi@safeguard.sh (James) <![CDATA[Confidential Computing in Supply Chain Integration]]> https://safeguard.sh/resources/blog/confidential-computing-supply-chain-integration https://safeguard.sh/resources/blog/confidential-computing-supply-chain-integration Tue, 18 Mar 2025 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[CISA KEV Catalog in 2025: What the Data Tells Us About Real-World Exploitation]]> https://safeguard.sh/resources/blog/cisa-known-exploited-vulnerabilities-2025-update https://safeguard.sh/resources/blog/cisa-known-exploited-vulnerabilities-2025-update Tue, 18 Mar 2025 10:00:00 GMT Threat Intelligence hi@safeguard.sh (Michael) <![CDATA[GitHub Actions Supply Chain Attack: The tj-actions/changed-files Compromise]]> https://safeguard.sh/resources/blog/github-actions-supply-chain-attack-tj-actions https://safeguard.sh/resources/blog/github-actions-supply-chain-attack-tj-actions Sat, 15 Mar 2025 08:00:00 GMT Supply Chain Security hi@safeguard.sh (Yukti Singhal) <![CDATA[FedRAMP Continuous Monitoring Automation Playbook]]> https://safeguard.sh/resources/blog/fedramp-continuous-monitoring-automation-2025 https://safeguard.sh/resources/blog/fedramp-continuous-monitoring-automation-2025 Wed, 12 Mar 2025 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Apple WebKit Zero-Day CVE-2025-24201: Out-of-Bounds Write Exploited in the Wild]]> https://safeguard.sh/resources/blog/apple-webkit-zero-day-cve-2025-24201 https://safeguard.sh/resources/blog/apple-webkit-zero-day-cve-2025-24201 Wed, 12 Mar 2025 10:00:00 GMT Zero-Day Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[PyPI Attestation Requirements: A Roadmap Read]]> https://safeguard.sh/resources/blog/pypi-attestation-requirements-roadmap https://safeguard.sh/resources/blog/pypi-attestation-requirements-roadmap Mon, 10 Mar 2025 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[AI Agent Tool Calling Security: Risks and Mitigations]]> https://safeguard.sh/resources/blog/ai-agent-tool-calling-security https://safeguard.sh/resources/blog/ai-agent-tool-calling-security Mon, 10 Mar 2025 10:00:00 GMT AI Security hi@safeguard.sh (Bob) <![CDATA[Open Source Security Census 2025: Who Maintains the Code We All Depend On?]]> https://safeguard.sh/resources/blog/open-source-security-census-2025 https://safeguard.sh/resources/blog/open-source-security-census-2025 Sat, 08 Mar 2025 10:00:00 GMT Industry Analysis hi@safeguard.sh (Alex) <![CDATA[Video Codec Supply Chain Risks: The Hidden Attack Surface in Media Libraries]]> https://safeguard.sh/resources/blog/video-codec-supply-chain-risks https://safeguard.sh/resources/blog/video-codec-supply-chain-risks Wed, 05 Mar 2025 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Bob) <![CDATA[AI Agent Frameworks: A Security Assessment of the New Autonomous Frontier]]> https://safeguard.sh/resources/blog/ai-agent-frameworks-security-assessment https://safeguard.sh/resources/blog/ai-agent-frameworks-security-assessment Wed, 05 Mar 2025 09:00:00 GMT AI Security hi@safeguard.sh (Michael) <![CDATA[How to Monitor Go Module Substitution Attacks]]> https://safeguard.sh/resources/blog/how-to-monitor-go-module-substitution-attacks https://safeguard.sh/resources/blog/how-to-monitor-go-module-substitution-attacks Tue, 04 Mar 2025 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Broadcom VMware Zero-Days March 2025: ESXi, Workstation, and Fusion Under Active Attack]]> https://safeguard.sh/resources/blog/broadcom-vmware-zero-days-march-2025 https://safeguard.sh/resources/blog/broadcom-vmware-zero-days-march-2025 Tue, 04 Mar 2025 10:00:00 GMT Zero-Day Analysis hi@safeguard.sh (Bob) <![CDATA[Paragon Partition Manager BYOVD: CVE-2025-0289 Kernel-Level Exploitation]]> https://safeguard.sh/resources/blog/paragon-partition-manager-cve-2025-0289 https://safeguard.sh/resources/blog/paragon-partition-manager-cve-2025-0289 Sat, 01 Mar 2025 09:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Michael) <![CDATA[LLM-Augmented Bug Discovery Methodology]]> https://safeguard.sh/resources/blog/llm-augmented-bug-discovery-methodology https://safeguard.sh/resources/blog/llm-augmented-bug-discovery-methodology Tue, 25 Feb 2025 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Software Supply Chain Security: An Executive Guide for 2025]]> https://safeguard.sh/resources/blog/supply-chain-security-executive-guide-2025 https://safeguard.sh/resources/blog/supply-chain-security-executive-guide-2025 Tue, 25 Feb 2025 09:00:00 GMT Industry Analysis hi@safeguard.sh (Bob) <![CDATA[GitLab CI/CD Security Hardening for 2025]]> https://safeguard.sh/resources/blog/gitlab-cicd-security-hardening-2025 https://safeguard.sh/resources/blog/gitlab-cicd-security-hardening-2025 Thu, 20 Feb 2025 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Juniper Router CVE-2025-21589: Authentication Bypass That Puts Network Perimeters at Risk]]> https://safeguard.sh/resources/blog/juniper-router-cve-2025-21589-auth-bypass https://safeguard.sh/resources/blog/juniper-router-cve-2025-21589-auth-bypass Thu, 20 Feb 2025 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Yukti Singhal) <![CDATA[MCP Protocol Security: What the Model Context Protocol Means for Supply Chains]]> https://safeguard.sh/resources/blog/mcp-protocol-security-implications https://safeguard.sh/resources/blog/mcp-protocol-security-implications Thu, 20 Feb 2025 10:00:00 GMT AI Security hi@safeguard.sh (Alex) <![CDATA[Qilin Ransomware Group: Dissecting a Rising Threat Actor]]> https://safeguard.sh/resources/blog/qilin-ransomware-group-analysis https://safeguard.sh/resources/blog/qilin-ransomware-group-analysis Thu, 20 Feb 2025 00:00:00 GMT Threat Intelligence hi@safeguard.sh (Nayan Dey) <![CDATA[Microsoft Power Pages CVE-2025-24989: Privilege Escalation in Low-Code Platforms]]> https://safeguard.sh/resources/blog/microsoft-power-pages-cve-2025-24989 https://safeguard.sh/resources/blog/microsoft-power-pages-cve-2025-24989 Wed, 19 Feb 2025 11:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Alex) <![CDATA[Canadian Cyber Centre Supply Chain Guidance]]> https://safeguard.sh/resources/blog/canadian-cyber-center-supply-chain-guidance https://safeguard.sh/resources/blog/canadian-cyber-center-supply-chain-guidance Tue, 18 Feb 2025 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Python Cython Extensions and the Supply Chain]]> https://safeguard.sh/resources/blog/python-cython-extensions-supply-chain https://safeguard.sh/resources/blog/python-cython-extensions-supply-chain Fri, 14 Feb 2025 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Palo Alto PAN-OS Authentication Bypass: CVE-2025-0108]]> https://safeguard.sh/resources/blog/palo-alto-pan-os-cve-2025-0108-auth-bypass https://safeguard.sh/resources/blog/palo-alto-pan-os-cve-2025-0108-auth-bypass Wed, 12 Feb 2025 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Bob) <![CDATA[AI Deepfake Phishing Campaigns in 2025: When Seeing and Hearing Isn't Believing]]> https://safeguard.sh/resources/blog/ai-deepfake-phishing-campaigns-2025 https://safeguard.sh/resources/blog/ai-deepfake-phishing-campaigns-2025 Mon, 10 Feb 2025 10:00:00 GMT Threat Intelligence hi@safeguard.sh (Bob) <![CDATA[AI Code Assistants and Security: The Hidden Risks in 2025]]> https://safeguard.sh/resources/blog/ai-code-assistants-security-implications-2025 https://safeguard.sh/resources/blog/ai-code-assistants-security-implications-2025 Sat, 08 Feb 2025 10:00:00 GMT Industry Analysis hi@safeguard.sh (James) <![CDATA[2025 Bug Bounty Program Reforms: What Changed]]> https://safeguard.sh/resources/blog/cve-2025-bug-bounty-program-reform https://safeguard.sh/resources/blog/cve-2025-bug-bounty-program-reform Tue, 04 Feb 2025 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Zyxel Router Command Injection: CVE-2024-40891 Exploited in the Wild]]> https://safeguard.sh/resources/blog/zyxel-router-cve-2024-40891-exploitation https://safeguard.sh/resources/blog/zyxel-router-cve-2024-40891-exploitation Tue, 04 Feb 2025 09:00:00 GMT Vulnerability Analysis hi@safeguard.sh (James) <![CDATA[How to Run Grype in Offline/Airgap Environments]]> https://safeguard.sh/resources/blog/how-to-run-grype-in-offline-airgap-environments https://safeguard.sh/resources/blog/how-to-run-grype-in-offline-airgap-environments Tue, 28 Jan 2025 12:00:00 GMT Vulnerability Management hi@safeguard.sh (Shadab Khan) <![CDATA[SonicWall SMA 1000 Zero-Day: CVE-2025-23006 Pre-Auth RCE]]> https://safeguard.sh/resources/blog/sonicwall-sma-cve-2025-23006-zero-day https://safeguard.sh/resources/blog/sonicwall-sma-cve-2025-23006-zero-day Wed, 22 Jan 2025 08:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Exploit Chaining: A Supply Chain Perspective]]> https://safeguard.sh/resources/blog/exploit-chaining-supply-chain-perspective https://safeguard.sh/resources/blog/exploit-chaining-supply-chain-perspective Mon, 20 Jan 2025 12:00:00 GMT Vulnerability Management hi@safeguard.sh (Shadab Khan) <![CDATA[PyPI Organization Accounts: The Security Model]]> https://safeguard.sh/resources/blog/pypi-organization-accounts-security-model https://safeguard.sh/resources/blog/pypi-organization-accounts-security-model Mon, 20 Jan 2025 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Prompt Injection as a Supply Chain Risk: When AI Dependencies Are Exploitable]]> https://safeguard.sh/resources/blog/prompt-injection-supply-chain-risks https://safeguard.sh/resources/blog/prompt-injection-supply-chain-risks Mon, 20 Jan 2025 10:00:00 GMT AI Security hi@safeguard.sh (James) <![CDATA[Citrix NetScaler CVE-2025 Vulnerabilities: Another Year, Another Gateway Crisis]]> https://safeguard.sh/resources/blog/citrix-netscaler-cve-2025-vulnerabilities https://safeguard.sh/resources/blog/citrix-netscaler-cve-2025-vulnerabilities Sat, 18 Jan 2025 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[The SBOM Compliance Landscape in 2025: What You Need to Know]]> https://safeguard.sh/resources/blog/sbom-compliance-landscape-2025 https://safeguard.sh/resources/blog/sbom-compliance-landscape-2025 Sat, 18 Jan 2025 10:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[DORA Operational Resilience: Software Implications]]> https://safeguard.sh/resources/blog/dora-operational-resilience-software-implications https://safeguard.sh/resources/blog/dora-operational-resilience-software-implications Fri, 17 Jan 2025 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Medusa Ransomware: How Supply Chain Tactics Fuel a Growing Threat]]> https://safeguard.sh/resources/blog/medusa-ransomware-supply-chain-tactics https://safeguard.sh/resources/blog/medusa-ransomware-supply-chain-tactics Wed, 15 Jan 2025 00:00:00 GMT Threat Intelligence hi@safeguard.sh (Yukti Singhal) <![CDATA[Salt Typhoon Telco Intrusion: What We Know]]> https://safeguard.sh/resources/blog/salt-typhoon-telco-intrusion-analysis https://safeguard.sh/resources/blog/salt-typhoon-telco-intrusion-analysis Tue, 14 Jan 2025 12:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Fog Ransomware: Why the Education Sector Keeps Getting Hit]]> https://safeguard.sh/resources/blog/fog-ransomware-education-sector-attacks https://safeguard.sh/resources/blog/fog-ransomware-education-sector-attacks Tue, 14 Jan 2025 10:00:00 GMT Ransomware hi@safeguard.sh (Nayan Dey) <![CDATA[Fortinet FortiGate Authentication Bypass: CVE-2024-55591 Explained]]> https://safeguard.sh/resources/blog/fortinet-fortigate-auth-bypass-cve-2024-55591 https://safeguard.sh/resources/blog/fortinet-fortigate-auth-bypass-cve-2024-55591 Tue, 14 Jan 2025 09:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Yukti Singhal) <![CDATA[Ivanti Connect Secure Zero-Day: CVE-2025-0282 Under Active Exploitation]]> https://safeguard.sh/resources/blog/ivanti-connect-secure-cve-2025-0282-zero-day https://safeguard.sh/resources/blog/ivanti-connect-secure-cve-2025-0282-zero-day Wed, 08 Jan 2025 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Safeguard 5.0: The Next Generation of Software Supply Chain Security]]> https://safeguard.sh/resources/blog/safeguard-v5-release-announcement https://safeguard.sh/resources/blog/safeguard-v5-release-announcement Sun, 05 Jan 2025 08:00:00 GMT Product Update hi@safeguard.sh (Nayan Dey) <![CDATA[Space Industry Software Supply Chain: Emerging Reality]]> https://safeguard.sh/resources/blog/space-industry-software-supply-chain-emerging https://safeguard.sh/resources/blog/space-industry-software-supply-chain-emerging Sat, 28 Dec 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Zoom Incidents: Software Supply Chain Dimensions]]> https://safeguard.sh/resources/blog/zoom-incidents-software-supply-chain-dimensions https://safeguard.sh/resources/blog/zoom-incidents-software-supply-chain-dimensions Sat, 28 Dec 2024 12:00:00 GMT Incident Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[End-of-Year Security Planning: Setting Up Next Year for Success]]> https://safeguard.sh/resources/blog/end-of-year-security-planning-guide https://safeguard.sh/resources/blog/end-of-year-security-planning-guide Sat, 28 Dec 2024 09:00:00 GMT Security Strategy hi@safeguard.sh (James) <![CDATA[Data Pipeline Platform Migration Security]]> https://safeguard.sh/resources/blog/data-pipeline-platform-migration-security https://safeguard.sh/resources/blog/data-pipeline-platform-migration-security Sun, 22 Dec 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Digital Health HIPAA Supply Chain Intersection]]> https://safeguard.sh/resources/blog/digital-health-hipaa-supply-chain-intersection https://safeguard.sh/resources/blog/digital-health-hipaa-supply-chain-intersection Sun, 22 Dec 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Fulcio Certificate Lifecycle: Enterprise View]]> https://safeguard.sh/resources/blog/fulcio-certificate-lifecycle-enterprise https://safeguard.sh/resources/blog/fulcio-certificate-lifecycle-enterprise Sun, 22 Dec 2024 12:00:00 GMT SBOM & Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Software Supply Chain Security in 2024: A Year in Review]]> https://safeguard.sh/resources/blog/software-supply-chain-security-2024-year-review https://safeguard.sh/resources/blog/software-supply-chain-security-2024-year-review Sun, 22 Dec 2024 10:00:00 GMT Industry Trends hi@safeguard.sh (Nayan Dey) <![CDATA[eBPF Security Controls: A Production Experience Report]]> https://safeguard.sh/resources/blog/ebpf-security-controls-production-experience https://safeguard.sh/resources/blog/ebpf-security-controls-production-experience Fri, 20 Dec 2024 12:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[Post-Incident Vendor Coordination]]> https://safeguard.sh/resources/blog/post-incident-vendor-coordination https://safeguard.sh/resources/blog/post-incident-vendor-coordination Fri, 20 Dec 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Reproducible Builds Debian: The Long View]]> https://safeguard.sh/resources/blog/reproducible-builds-debian-long-view https://safeguard.sh/resources/blog/reproducible-builds-debian-long-view Fri, 20 Dec 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Software Supply Chain Security Predictions for 2025]]> https://safeguard.sh/resources/blog/supply-chain-security-predictions-2025 https://safeguard.sh/resources/blog/supply-chain-security-predictions-2025 Fri, 20 Dec 2024 10:00:00 GMT Industry Trends hi@safeguard.sh (Yukti Singhal) <![CDATA[The 2024 End-of-Year Vulnerability Disclosure Report]]> https://safeguard.sh/resources/blog/end-of-year-vulnerability-disclosure-report-2024 https://safeguard.sh/resources/blog/end-of-year-vulnerability-disclosure-report-2024 Wed, 18 Dec 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[MITRE ATT&CK Meets SSDF: A Mapping]]> https://safeguard.sh/resources/blog/mitre-attack-meets-ssdf-mapping https://safeguard.sh/resources/blog/mitre-attack-meets-ssdf-mapping Wed, 18 Dec 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[OpenTelemetry for Supply Chain Traces: Instrumenting the Pipeline]]> https://safeguard.sh/resources/blog/opentelemetry-for-supply-chain-traces https://safeguard.sh/resources/blog/opentelemetry-for-supply-chain-traces Wed, 18 Dec 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[RubyGems Reserved Namespace Claims]]> https://safeguard.sh/resources/blog/rubygems-reserved-namespace-claims https://safeguard.sh/resources/blog/rubygems-reserved-namespace-claims Wed, 18 Dec 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Rust Embedded Supply Chain Guide]]> https://safeguard.sh/resources/blog/rust-embedded-supply-chain-guide https://safeguard.sh/resources/blog/rust-embedded-supply-chain-guide Wed, 18 Dec 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Azure Sentinel for Supply Chain Detection]]> https://safeguard.sh/resources/blog/azure-sentinel-supply-chain-detection https://safeguard.sh/resources/blog/azure-sentinel-supply-chain-detection Sun, 15 Dec 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[BlackTech Firmware Supply Chain Operations]]> https://safeguard.sh/resources/blog/blacktech-firmware-supply-chain-operations https://safeguard.sh/resources/blog/blacktech-firmware-supply-chain-operations Sun, 15 Dec 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[PyPI Download Statistics as a Security Signal]]> https://safeguard.sh/resources/blog/pypi-download-statistics-as-security-signal https://safeguard.sh/resources/blog/pypi-download-statistics-as-security-signal Sun, 15 Dec 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Vulnerability Exploitation Trends in 2024: What the Data Shows]]> https://safeguard.sh/resources/blog/vulnerability-exploitation-trends-2024 https://safeguard.sh/resources/blog/vulnerability-exploitation-trends-2024 Sun, 15 Dec 2024 12:00:00 GMT Threat Intelligence hi@safeguard.sh (Yukti Singhal) <![CDATA[Coordinated Disclosure Zero-Day Playbook]]> https://safeguard.sh/resources/blog/coordinated-disclosure-zero-day-playbook https://safeguard.sh/resources/blog/coordinated-disclosure-zero-day-playbook Thu, 12 Dec 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[OSS Code of Conduct: Security Impact]]> https://safeguard.sh/resources/blog/oss-community-code-of-conduct-security-impact https://safeguard.sh/resources/blog/oss-community-code-of-conduct-security-impact Thu, 12 Dec 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Dev Machine Secrets: The Exfiltration Risks]]> https://safeguard.sh/resources/blog/dev-machine-secrets-exfiltration-risks https://safeguard.sh/resources/blog/dev-machine-secrets-exfiltration-risks Tue, 10 Dec 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Open Source Security Funding in 2024: Who Pays for the Code We All Depend On]]> https://safeguard.sh/resources/blog/open-source-security-funding-report-2024 https://safeguard.sh/resources/blog/open-source-security-funding-report-2024 Tue, 10 Dec 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Michael) <![CDATA[Turborepo Monorepo Supply Chain Security]]> https://safeguard.sh/resources/blog/turborepo-monorepo-supply-chain-security https://safeguard.sh/resources/blog/turborepo-monorepo-supply-chain-security Tue, 10 Dec 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[GCP Security Command Center Integration]]> https://safeguard.sh/resources/blog/gcp-security-command-center-integration https://safeguard.sh/resources/blog/gcp-security-command-center-integration Sun, 08 Dec 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[DevSecOps Automation Maturity in 2024: Where Teams Actually Stand]]> https://safeguard.sh/resources/blog/devsecops-automation-maturity-2024 https://safeguard.sh/resources/blog/devsecops-automation-maturity-2024 Thu, 05 Dec 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Alex) <![CDATA[Hardening GitLab vs GitHub Default Settings]]> https://safeguard.sh/resources/blog/hardening-gitlab-vs-github-default-settings https://safeguard.sh/resources/blog/hardening-gitlab-vs-github-default-settings Thu, 05 Dec 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Java SBOM Generation Tools Compared]]> https://safeguard.sh/resources/blog/java-supply-chain-sbom-generation-tools https://safeguard.sh/resources/blog/java-supply-chain-sbom-generation-tools Thu, 05 Dec 2024 12:00:00 GMT SBOM & Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Woodpecker CI Security Review]]> https://safeguard.sh/resources/blog/woodpecker-ci-security-review https://safeguard.sh/resources/blog/woodpecker-ci-security-review Mon, 02 Dec 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Container Security Best Practices for 2025: Beyond Image Scanning]]> https://safeguard.sh/resources/blog/container-security-best-practices-2025 https://safeguard.sh/resources/blog/container-security-best-practices-2025 Sun, 01 Dec 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Bob) <![CDATA[Crypto Exchange Supply Chain Hardening]]> https://safeguard.sh/resources/blog/crypto-exchange-supply-chain-hardening https://safeguard.sh/resources/blog/crypto-exchange-supply-chain-hardening Thu, 28 Nov 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Go Build Cache Poisoning Risks]]> https://safeguard.sh/resources/blog/go-build-cache-poisoning-risks https://safeguard.sh/resources/blog/go-build-cache-poisoning-risks Thu, 28 Nov 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[An npm Incident Response Playbook]]> https://safeguard.sh/resources/blog/npm-incident-response-playbook https://safeguard.sh/resources/blog/npm-incident-response-playbook Thu, 28 Nov 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Mailchimp 2022-2023 Incidents: A Timeline]]> https://safeguard.sh/resources/blog/mailchimp-2022-2023-incidents-timeline https://safeguard.sh/resources/blog/mailchimp-2022-2023-incidents-timeline Mon, 25 Nov 2024 12:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[NYDFS 500 Meets SBOM Requirements]]> https://safeguard.sh/resources/blog/nydfs-500-meets-sbom-requirements https://safeguard.sh/resources/blog/nydfs-500-meets-sbom-requirements Mon, 25 Nov 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Zero Trust Principles Applied to the Software Supply Chain]]> https://safeguard.sh/resources/blog/zero-trust-software-supply-chain-2024 https://safeguard.sh/resources/blog/zero-trust-software-supply-chain-2024 Mon, 25 Nov 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Azure Monitor for Supply Chain Observability]]> https://safeguard.sh/resources/blog/azure-monitor-supply-chain-observability https://safeguard.sh/resources/blog/azure-monitor-supply-chain-observability Fri, 22 Nov 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[NIST CSF 2.0 Rollout: Field Observations]]> https://safeguard.sh/resources/blog/nist-csf-2-0-rollout-observations https://safeguard.sh/resources/blog/nist-csf-2-0-rollout-observations Fri, 22 Nov 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[NuGet Signed Packages Verification]]> https://safeguard.sh/resources/blog/nuget-signed-packages-verification https://safeguard.sh/resources/blog/nuget-signed-packages-verification Fri, 22 Nov 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Secrets Rotation Across Microservices: A Playbook]]> https://safeguard.sh/resources/blog/secrets-rotation-across-microservices https://safeguard.sh/resources/blog/secrets-rotation-across-microservices Fri, 22 Nov 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[FIN7: Financial-Sector Supply Chain Tradecraft]]> https://safeguard.sh/resources/blog/fin7-financial-sector-supply-chain-tradecraft https://safeguard.sh/resources/blog/fin7-financial-sector-supply-chain-tradecraft Wed, 20 Nov 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Provenance Attestation Consumer Workflow]]> https://safeguard.sh/resources/blog/provenance-attestation-consumer-workflow https://safeguard.sh/resources/blog/provenance-attestation-consumer-workflow Wed, 20 Nov 2024 12:00:00 GMT SBOM & Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[The Software Composition Analysis Market in 2024: Consolidation and Evolution]]> https://safeguard.sh/resources/blog/software-composition-analysis-market-2024 https://safeguard.sh/resources/blog/software-composition-analysis-market-2024 Wed, 20 Nov 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (James) <![CDATA[Automotive ISO/SAE 21434: Supply Chain Implications]]> https://safeguard.sh/resources/blog/automotive-iso-21434-supply-chain-implications https://safeguard.sh/resources/blog/automotive-iso-21434-supply-chain-implications Mon, 18 Nov 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Dataflow Analysis in Modern Codebases]]> https://safeguard.sh/resources/blog/dataflow-analysis-modern-codebases https://safeguard.sh/resources/blog/dataflow-analysis-modern-codebases Mon, 18 Nov 2024 12:00:00 GMT Vulnerability Management hi@safeguard.sh (Nayan Dey) <![CDATA[GCP Terraform Provider Security Review]]> https://safeguard.sh/resources/blog/gcp-terraform-provider-security-review https://safeguard.sh/resources/blog/gcp-terraform-provider-security-review Mon, 18 Nov 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Migrating VPN to Zero Trust: Supply Chain]]> https://safeguard.sh/resources/blog/migrating-vpn-to-zero-trust-supply-chain https://safeguard.sh/resources/blog/migrating-vpn-to-zero-trust-supply-chain Mon, 18 Nov 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Auditing Rust unsafe Code at Scale]]> https://safeguard.sh/resources/blog/rust-unsafe-code-audit-at-scale https://safeguard.sh/resources/blog/rust-unsafe-code-audit-at-scale Mon, 18 Nov 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Security Team Topology for a Supply Chain Program]]> https://safeguard.sh/resources/blog/security-team-topology-supply-chain-program https://safeguard.sh/resources/blog/security-team-topology-supply-chain-program Mon, 18 Nov 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Java Modules Supply Chain Security]]> https://safeguard.sh/resources/blog/java-modules-supply-chain-security https://safeguard.sh/resources/blog/java-modules-supply-chain-security Fri, 15 Nov 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[OpenSSF Launches SIREN: A Mailing List for Open Source Threat Intelligence]]> https://safeguard.sh/resources/blog/openssf-siren-mailing-list-launch https://safeguard.sh/resources/blog/openssf-siren-mailing-list-launch Fri, 15 Nov 2024 12:00:00 GMT Industry News hi@safeguard.sh (Nayan Dey) <![CDATA[Play Ransomware: Supply Chain Exploitation Through Managed Service Providers]]> https://safeguard.sh/resources/blog/play-ransomware-supply-chain-exploitation https://safeguard.sh/resources/blog/play-ransomware-supply-chain-exploitation Fri, 15 Nov 2024 10:00:00 GMT Ransomware hi@safeguard.sh (Bob) <![CDATA[How to Build a Vulnerability SLA Dashboard]]> https://safeguard.sh/resources/blog/how-to-build-a-vulnerability-sla-dashboard https://safeguard.sh/resources/blog/how-to-build-a-vulnerability-sla-dashboard Thu, 14 Nov 2024 12:00:00 GMT Vulnerability Management hi@safeguard.sh (Nayan Dey) <![CDATA[Kata Containers Security Model Review]]> https://safeguard.sh/resources/blog/kata-containers-security-model-review https://safeguard.sh/resources/blog/kata-containers-security-model-review Thu, 14 Nov 2024 12:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[Grafana Loki for Build Pipeline Logs: Patterns That Scale]]> https://safeguard.sh/resources/blog/grafana-loki-build-pipeline-logs https://safeguard.sh/resources/blog/grafana-loki-build-pipeline-logs Tue, 12 Nov 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Signing Python Wheels in Production]]> https://safeguard.sh/resources/blog/python-wheel-signing-production-guide https://safeguard.sh/resources/blog/python-wheel-signing-production-guide Tue, 12 Nov 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Code Signing Infrastructure Breach Response]]> https://safeguard.sh/resources/blog/code-signing-infrastructure-breach-response https://safeguard.sh/resources/blog/code-signing-infrastructure-breach-response Sun, 10 Nov 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Cryptographic Bill of Materials (CBOM): The Next Frontier]]> https://safeguard.sh/resources/blog/cryptographic-bill-of-materials-cbom https://safeguard.sh/resources/blog/cryptographic-bill-of-materials-cbom Sun, 10 Nov 2024 11:00:00 GMT Standards hi@safeguard.sh (Shadab Khan) <![CDATA[Concourse CI Supply Chain Hardening]]> https://safeguard.sh/resources/blog/concourse-ci-supply-chain-hardening https://safeguard.sh/resources/blog/concourse-ci-supply-chain-hardening Fri, 08 Nov 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Earthly Containerized Builds Supply Chain]]> https://safeguard.sh/resources/blog/earthly-containerized-builds-supply-chain https://safeguard.sh/resources/blog/earthly-containerized-builds-supply-chain Fri, 08 Nov 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[SBOM Quality Benchmarking: What We Found in 2024]]> https://safeguard.sh/resources/blog/sbom-quality-benchmarking-2024 https://safeguard.sh/resources/blog/sbom-quality-benchmarking-2024 Fri, 08 Nov 2024 12:00:00 GMT SBOM & Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Palo Alto Expedition CVE-2024-9463: Command Injection in Migration Tool]]> https://safeguard.sh/resources/blog/palo-alto-expedition-cve-2024-9463 https://safeguard.sh/resources/blog/palo-alto-expedition-cve-2024-9463 Thu, 07 Nov 2024 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Michael) <![CDATA[AWS IAM Roles Anywhere and the Supply Chain]]> https://safeguard.sh/resources/blog/aws-iam-roles-anywhere-supply-chain https://safeguard.sh/resources/blog/aws-iam-roles-anywhere-supply-chain Tue, 05 Nov 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[JRuby Supply Chain Considerations]]> https://safeguard.sh/resources/blog/jruby-supply-chain-considerations https://safeguard.sh/resources/blog/jruby-supply-chain-considerations Tue, 05 Nov 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Medusa Ransomware: How Supply Chain Infiltration Became Their Signature Move]]> https://safeguard.sh/resources/blog/medusa-ransomware-supply-chain-infiltration https://safeguard.sh/resources/blog/medusa-ransomware-supply-chain-infiltration Tue, 05 Nov 2024 10:00:00 GMT Ransomware hi@safeguard.sh (Shadab Khan) <![CDATA[Fog Ransomware: Why Schools and Universities Are Under Siege]]> https://safeguard.sh/resources/blog/fog-ransomware-education-sector-targeting https://safeguard.sh/resources/blog/fog-ransomware-education-sector-targeting Tue, 05 Nov 2024 00:00:00 GMT Threat Intelligence hi@safeguard.sh (James) <![CDATA[Security Tool Consolidation: Doing More With Less Without Losing Coverage]]> https://safeguard.sh/resources/blog/security-tool-consolidation-strategy https://safeguard.sh/resources/blog/security-tool-consolidation-strategy Tue, 05 Nov 2024 00:00:00 GMT Security Operations hi@safeguard.sh (Shadab Khan) <![CDATA[Forking Strategy for Enterprise OSS]]> https://safeguard.sh/resources/blog/forking-strategy-for-enterprise-oss https://safeguard.sh/resources/blog/forking-strategy-for-enterprise-oss Sat, 02 Nov 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Font File Vulnerability History: When Typography Becomes an Exploit]]> https://safeguard.sh/resources/blog/font-file-vulnerability-history https://safeguard.sh/resources/blog/font-file-vulnerability-history Sat, 02 Nov 2024 10:00:00 GMT Vulnerability Research hi@safeguard.sh (Shadab Khan) <![CDATA[NIST NVD Recovery: The New Consortium Reshaping Vulnerability Data]]> https://safeguard.sh/resources/blog/nist-nvd-recovery-new-consortium https://safeguard.sh/resources/blog/nist-nvd-recovery-new-consortium Fri, 01 Nov 2024 12:00:00 GMT Industry News hi@safeguard.sh (Yukti Singhal) <![CDATA[Reachability Analysis: Cutting Through Vulnerability Noise]]> https://safeguard.sh/resources/blog/safeguard-reachability-analysis-launch https://safeguard.sh/resources/blog/safeguard-reachability-analysis-launch Fri, 01 Nov 2024 10:00:00 GMT Product hi@safeguard.sh (Nayan Dey) <![CDATA[Scoping a Vulnerability Bounty Program for Supply Chain]]> https://safeguard.sh/resources/blog/vulnerability-bounty-program-scoping-for-supply-chain https://safeguard.sh/resources/blog/vulnerability-bounty-program-scoping-for-supply-chain Wed, 30 Oct 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[age + SOPS: A Git-Native Secrets Workflow]]> https://safeguard.sh/resources/blog/age-sops-git-native-secrets-workflow https://safeguard.sh/resources/blog/age-sops-git-native-secrets-workflow Mon, 28 Oct 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[EHR System Dependency Governance]]> https://safeguard.sh/resources/blog/ehr-system-dependency-governance https://safeguard.sh/resources/blog/ehr-system-dependency-governance Mon, 28 Oct 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Rust Procedural Macros: Security Risks]]> https://safeguard.sh/resources/blog/rust-procedural-macro-security-risks https://safeguard.sh/resources/blog/rust-procedural-macro-security-risks Mon, 28 Oct 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Buildkite Supply Chain Hardening]]> https://safeguard.sh/resources/blog/buildkite-supply-chain-hardening https://safeguard.sh/resources/blog/buildkite-supply-chain-hardening Fri, 25 Oct 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Differential Testing for Supply Chain Vulns]]> https://safeguard.sh/resources/blog/differential-testing-supply-chain-vulnerabilities https://safeguard.sh/resources/blog/differential-testing-supply-chain-vulnerabilities Fri, 25 Oct 2024 12:00:00 GMT Vulnerability Management hi@safeguard.sh (Shadab Khan) <![CDATA[Foundation-Neutral Governance Evaluation]]> https://safeguard.sh/resources/blog/foundation-neutral-governance-evaluation https://safeguard.sh/resources/blog/foundation-neutral-governance-evaluation Fri, 25 Oct 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[OpenSSF Scorecard Adoption Metrics: Late 2024]]> https://safeguard.sh/resources/blog/openssf-scorecard-adoption-metrics-2024 https://safeguard.sh/resources/blog/openssf-scorecard-adoption-metrics-2024 Thu, 24 Oct 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Cisco ASA and FTD CVE-2024-20481: Brute-Force DoS in VPN Services]]> https://safeguard.sh/resources/blog/cisco-asa-ftd-cve-2024-20481 https://safeguard.sh/resources/blog/cisco-asa-ftd-cve-2024-20481 Thu, 24 Oct 2024 09:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Alex) <![CDATA[FortiJump: CVE-2024-47575 FortiManager Zero-Day Exploited at Scale]]> https://safeguard.sh/resources/blog/fortinet-fortimanager-cve-2024-47575 https://safeguard.sh/resources/blog/fortinet-fortimanager-cve-2024-47575 Wed, 23 Oct 2024 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Bob) <![CDATA[Buck2 (Meta) Build Security Considerations]]> https://safeguard.sh/resources/blog/buck2-meta-build-security-considerations https://safeguard.sh/resources/blog/buck2-meta-build-security-considerations Tue, 22 Oct 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Maven Release Plugin Hardening]]> https://safeguard.sh/resources/blog/maven-release-plugin-hardening https://safeguard.sh/resources/blog/maven-release-plugin-hardening Tue, 22 Oct 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[On-Prem to Cloud Supply Chain Continuity]]> https://safeguard.sh/resources/blog/on-prem-to-cloud-supply-chain-continuity https://safeguard.sh/resources/blog/on-prem-to-cloud-supply-chain-continuity Tue, 22 Oct 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[React Native Supply Chain Risks in 2024]]> https://safeguard.sh/resources/blog/react-native-supply-chain-risks-2024 https://safeguard.sh/resources/blog/react-native-supply-chain-risks-2024 Tue, 22 Oct 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Slack 2022-2023 Incidents: Operational Retrospective]]> https://safeguard.sh/resources/blog/slack-2022-2023-incidents-operational-retrospective https://safeguard.sh/resources/blog/slack-2022-2023-incidents-operational-retrospective Sun, 20 Oct 2024 12:00:00 GMT Incident Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Typosquatting Meets AI: The New Threat of AI-Generated Package Names]]> https://safeguard.sh/resources/blog/typosquatting-ai-generated-package-names https://safeguard.sh/resources/blog/typosquatting-ai-generated-package-names Sun, 20 Oct 2024 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Nayan Dey) <![CDATA[AWS SSM Parameter Store Security]]> https://safeguard.sh/resources/blog/aws-ssm-parameter-store-security https://safeguard.sh/resources/blog/aws-ssm-parameter-store-security Fri, 18 Oct 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[FedRAMP Meets STIG: Practical Mapping]]> https://safeguard.sh/resources/blog/fedramp-meets-stig-mapping-practical https://safeguard.sh/resources/blog/fedramp-meets-stig-mapping-practical Fri, 18 Oct 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Package Registry Forensic Log Analysis]]> https://safeguard.sh/resources/blog/package-registry-forensic-log-analysis https://safeguard.sh/resources/blog/package-registry-forensic-log-analysis Fri, 18 Oct 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Panther SIEM Supply Chain Rules: A Detection Engineering Playbook]]> https://safeguard.sh/resources/blog/panther-siem-supply-chain-rules https://safeguard.sh/resources/blog/panther-siem-supply-chain-rules Fri, 18 Oct 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[CISA's SBOM Sharing Lifecycle: A Framework for Practical Adoption]]> https://safeguard.sh/resources/blog/cisa-sbom-sharing-lifecycle-2024 https://safeguard.sh/resources/blog/cisa-sbom-sharing-lifecycle-2024 Tue, 15 Oct 2024 12:00:00 GMT Compliance & Frameworks hi@safeguard.sh (Shadab Khan) <![CDATA[go generate Supply Chain Risks]]> https://safeguard.sh/resources/blog/go-generate-supply-chain-risks https://safeguard.sh/resources/blog/go-generate-supply-chain-risks Tue, 15 Oct 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[SLSA Build Provenance for Python Publish]]> https://safeguard.sh/resources/blog/slsa-build-provenance-for-python-publish https://safeguard.sh/resources/blog/slsa-build-provenance-for-python-publish Tue, 15 Oct 2024 12:00:00 GMT SBOM & Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[State and Local Government SBOM Mandates]]> https://safeguard.sh/resources/blog/state-local-government-sbom-mandates https://safeguard.sh/resources/blog/state-local-government-sbom-mandates Tue, 15 Oct 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Security Testing for LLM-Powered Applications]]> https://safeguard.sh/resources/blog/llm-application-security-testing https://safeguard.sh/resources/blog/llm-application-security-testing Tue, 15 Oct 2024 10:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[CycloneDX and SPDX: Why Safeguard Supports Both and How We Normalize Between Them]]> https://safeguard.sh/resources/blog/safeguard-cyclonedx-spdx-dual-support https://safeguard.sh/resources/blog/safeguard-cyclonedx-spdx-dual-support Tue, 15 Oct 2024 10:00:00 GMT Engineering hi@safeguard.sh (Michael) <![CDATA[dotnet restore Reproducibility Concerns]]> https://safeguard.sh/resources/blog/dotnet-restore-reproducibility-concerns https://safeguard.sh/resources/blog/dotnet-restore-reproducibility-concerns Sat, 12 Oct 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Azure App Service Deployment Security]]> https://safeguard.sh/resources/blog/azure-app-service-deployment-security https://safeguard.sh/resources/blog/azure-app-service-deployment-security Thu, 10 Oct 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Kimsuky Developer Targeting Analysis]]> https://safeguard.sh/resources/blog/kimsuky-developer-targeting-analysis https://safeguard.sh/resources/blog/kimsuky-developer-targeting-analysis Thu, 10 Oct 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[EU Cyber Resilience Act: Final Text Analysis and Compliance Roadmap]]> https://safeguard.sh/resources/blog/eu-cyber-resilience-act-final-text-analysis https://safeguard.sh/resources/blog/eu-cyber-resilience-act-final-text-analysis Thu, 10 Oct 2024 10:00:00 GMT Compliance hi@safeguard.sh (Alex) <![CDATA[How to Rotate Build Signing Keys Safely]]> https://safeguard.sh/resources/blog/how-to-rotate-build-signing-keys-safely https://safeguard.sh/resources/blog/how-to-rotate-build-signing-keys-safely Tue, 08 Oct 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Ruby Native Extensions Supply Chain]]> https://safeguard.sh/resources/blog/ruby-native-extensions-supply-chain https://safeguard.sh/resources/blog/ruby-native-extensions-supply-chain Tue, 08 Oct 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Docker Hub Rate Limit Changes and CI Impact]]> https://safeguard.sh/resources/blog/docker-hub-rate-limit-policy-changes-2024 https://safeguard.sh/resources/blog/docker-hub-rate-limit-policy-changes-2024 Thu, 03 Oct 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[GCP Pub/Sub Security Configuration]]> https://safeguard.sh/resources/blog/gcp-pub-sub-security-configuration https://safeguard.sh/resources/blog/gcp-pub-sub-security-configuration Wed, 02 Oct 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard v3: Compliance-First Supply Chain Security]]> https://safeguard.sh/resources/blog/safeguard-v3-release-compliance-features https://safeguard.sh/resources/blog/safeguard-v3-release-compliance-features Tue, 01 Oct 2024 10:00:00 GMT Release hi@safeguard.sh (Yukti Singhal) <![CDATA[SBOM Adoption in 2024: Enterprise Survey Results and Reality Check]]> https://safeguard.sh/resources/blog/sbom-adoption-rates-enterprise-survey-2024 https://safeguard.sh/resources/blog/sbom-adoption-rates-enterprise-survey-2024 Tue, 01 Oct 2024 09:00:00 GMT SBOM hi@safeguard.sh (Yukti Singhal) <![CDATA[GraphQL Supply Chain Security Considerations]]> https://safeguard.sh/resources/blog/graphql-supply-chain-security-considerations https://safeguard.sh/resources/blog/graphql-supply-chain-security-considerations Mon, 30 Sep 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Volt Typhoon: Living-Off-the-Land and Supply Chain]]> https://safeguard.sh/resources/blog/volt-typhoon-living-off-the-land-supply-chain https://safeguard.sh/resources/blog/volt-typhoon-living-off-the-land-supply-chain Mon, 30 Sep 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[GCP Binary Authorization Policy Patterns]]> https://safeguard.sh/resources/blog/gcp-binary-authorization-policy-patterns https://safeguard.sh/resources/blog/gcp-binary-authorization-policy-patterns Sat, 28 Sep 2024 12:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[CUPS Vulnerability Chain: Remote Code Execution via Linux Printing]]> https://safeguard.sh/resources/blog/cups-linux-rce-vulnerability-chain https://safeguard.sh/resources/blog/cups-linux-rce-vulnerability-chain Thu, 26 Sep 2024 12:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[AWS CDK Construct Library Security]]> https://safeguard.sh/resources/blog/aws-cdk-construct-library-security https://safeguard.sh/resources/blog/aws-cdk-construct-library-security Wed, 25 Sep 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Doppler Enterprise Secrets Platform Reviewed]]> https://safeguard.sh/resources/blog/doppler-enterprise-secrets-platform-review https://safeguard.sh/resources/blog/doppler-enterprise-secrets-platform-review Sun, 22 Sep 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Open Source Foundation Governance Models]]> https://safeguard.sh/resources/blog/open-source-foundation-governance-models https://safeguard.sh/resources/blog/open-source-foundation-governance-models Sun, 22 Sep 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Witness Attestation Collection Workflow]]> https://safeguard.sh/resources/blog/witness-attestation-collection-workflow https://safeguard.sh/resources/blog/witness-attestation-collection-workflow Sun, 22 Sep 2024 12:00:00 GMT SBOM & Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Ransomware-as-a-Service in 2024: The Ecosystem That Won't Die]]> https://safeguard.sh/resources/blog/ransomware-as-a-service-ecosystem-2024 https://safeguard.sh/resources/blog/ransomware-as-a-service-ecosystem-2024 Sun, 22 Sep 2024 10:00:00 GMT Ransomware hi@safeguard.sh (Alex) <![CDATA[Fastify Security Posture in 2024]]> https://safeguard.sh/resources/blog/fastify-security-posture-2024 https://safeguard.sh/resources/blog/fastify-security-posture-2024 Fri, 20 Sep 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Kubernetes 1.30 and 1.31 Security Rundown]]> https://safeguard.sh/resources/blog/kubernetes-1-30-and-1-31-security-rundown https://safeguard.sh/resources/blog/kubernetes-1-30-and-1-31-security-rundown Fri, 20 Sep 2024 12:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[RubyGems.org and Sigstore: Progress Check]]> https://safeguard.sh/resources/blog/rubygems-org-sigstore-integration-progress https://safeguard.sh/resources/blog/rubygems-org-sigstore-integration-progress Fri, 20 Sep 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Cloud Workload Protection Platforms in 2024: What Actually Matters]]> https://safeguard.sh/resources/blog/cloud-workload-protection-platforms-2024 https://safeguard.sh/resources/blog/cloud-workload-protection-platforms-2024 Fri, 20 Sep 2024 10:00:00 GMT Cloud Security hi@safeguard.sh (Shadab Khan) <![CDATA[Qilin Ransomware and the Chrome Credential Harvesting Gambit]]> https://safeguard.sh/resources/blog/qilin-ransomware-credential-harvesting-techniques https://safeguard.sh/resources/blog/qilin-ransomware-credential-harvesting-techniques Fri, 20 Sep 2024 10:00:00 GMT Ransomware hi@safeguard.sh (James) <![CDATA[Dagger.io Supply Chain Pipelines]]> https://safeguard.sh/resources/blog/dagger-io-supply-chain-pipelines https://safeguard.sh/resources/blog/dagger-io-supply-chain-pipelines Wed, 18 Sep 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Database Platform Migration: Supply Chain]]> https://safeguard.sh/resources/blog/database-platform-migration-supply-chain https://safeguard.sh/resources/blog/database-platform-migration-supply-chain Wed, 18 Sep 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[GitGuardian vs TruffleHog: Secret Detection Showdown]]> https://safeguard.sh/resources/blog/gitguardian-vs-trufflehog-secret-detection https://safeguard.sh/resources/blog/gitguardian-vs-trufflehog-secret-detection Wed, 18 Sep 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Public-Sector Software Procurement Requirements]]> https://safeguard.sh/resources/blog/public-sector-software-procurement-requirements https://safeguard.sh/resources/blog/public-sector-software-procurement-requirements Wed, 18 Sep 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[PyPI Typosquatting Detection at Scale]]> https://safeguard.sh/resources/blog/pypi-typosquatting-detection-at-scale https://safeguard.sh/resources/blog/pypi-typosquatting-detection-at-scale Wed, 18 Sep 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Kubernetes Service Mesh Policy Depth]]> https://safeguard.sh/resources/blog/kubernetes-service-mesh-policy-depth https://safeguard.sh/resources/blog/kubernetes-service-mesh-policy-depth Sun, 15 Sep 2024 12:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[LastPass 2022-2023: A Retrospective at Depth]]> https://safeguard.sh/resources/blog/lastpass-2022-2023-retrospective-depth https://safeguard.sh/resources/blog/lastpass-2022-2023-retrospective-depth Sun, 15 Sep 2024 12:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Vulnerability Intelligence Platforms Compared for Supply Chain Security]]> https://safeguard.sh/resources/blog/vulnerability-intelligence-platform-comparison https://safeguard.sh/resources/blog/vulnerability-intelligence-platform-comparison Sun, 15 Sep 2024 10:00:00 GMT Vulnerability Management hi@safeguard.sh (Shadab Khan) <![CDATA[INC Ransom: Inside the Group Targeting Healthcare Infrastructure]]> https://safeguard.sh/resources/blog/inc-ransom-group-healthcare-attacks https://safeguard.sh/resources/blog/inc-ransom-group-healthcare-attacks Sun, 15 Sep 2024 00:00:00 GMT Threat Intelligence hi@safeguard.sh (Bob) <![CDATA[How to Validate SLSA Provenance in CI]]> https://safeguard.sh/resources/blog/how-to-validate-slsa-provenance-in-ci https://safeguard.sh/resources/blog/how-to-validate-slsa-provenance-in-ci Sat, 14 Sep 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[PCI DSS Meets SBOM Requirements]]> https://safeguard.sh/resources/blog/pci-dss-meets-sbom-requirements https://safeguard.sh/resources/blog/pci-dss-meets-sbom-requirements Sat, 14 Sep 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Supply Chain IoC Catalog]]> https://safeguard.sh/resources/blog/supply-chain-indicator-of-compromise-catalog https://safeguard.sh/resources/blog/supply-chain-indicator-of-compromise-catalog Sat, 14 Sep 2024 12:00:00 GMT Vulnerability Management hi@safeguard.sh (Nayan Dey) <![CDATA[Ivanti Cloud Services Appliance CVE-2024-8963: Chained Exploitation]]> https://safeguard.sh/resources/blog/ivanti-csa-cve-2024-8963-exploitation https://safeguard.sh/resources/blog/ivanti-csa-cve-2024-8963-exploitation Fri, 13 Sep 2024 09:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Healthtech FDA Software Supply Chain Guidance]]> https://safeguard.sh/resources/blog/healthtech-fda-software-supply-chain-guidance https://safeguard.sh/resources/blog/healthtech-fda-software-supply-chain-guidance Thu, 12 Sep 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Rust Feature Flags: Supply Chain Implications]]> https://safeguard.sh/resources/blog/rust-feature-flags-supply-chain-implications https://safeguard.sh/resources/blog/rust-feature-flags-supply-chain-implications Thu, 12 Sep 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[GitLab Pipeline Execution Vulnerability CVE-2024-6678: Running Pipelines as Any User]]> https://safeguard.sh/resources/blog/gitlab-pipeline-execution-cve-2024-6678 https://safeguard.sh/resources/blog/gitlab-pipeline-execution-cve-2024-6678 Thu, 12 Sep 2024 11:00:00 GMT Vulnerability Analysis hi@safeguard.sh (James) <![CDATA[FluxCD Security Model in Production]]> https://safeguard.sh/resources/blog/fluxcd-security-model-production https://safeguard.sh/resources/blog/fluxcd-security-model-production Tue, 10 Sep 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Jenkins + Maven Integration Security]]> https://safeguard.sh/resources/blog/jenkins-maven-integration-security https://safeguard.sh/resources/blog/jenkins-maven-integration-security Sun, 08 Sep 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Office Document Macro Security: The Attack Vector That Will Not Die]]> https://safeguard.sh/resources/blog/office-document-macro-security https://safeguard.sh/resources/blog/office-document-macro-security Sun, 08 Sep 2024 10:00:00 GMT Threat Intelligence hi@safeguard.sh (Nayan Dey) <![CDATA[Python Package Typosquatting in 2024: Scale, Tactics, and Defenses]]> https://safeguard.sh/resources/blog/python-package-typosquatting-2024-report https://safeguard.sh/resources/blog/python-package-typosquatting-2024-report Sun, 08 Sep 2024 10:00:00 GMT Supply Chain Security hi@safeguard.sh (James) <![CDATA[Datadog Security for Supply Chain Monitoring]]> https://safeguard.sh/resources/blog/datadog-security-supply-chain-monitoring https://safeguard.sh/resources/blog/datadog-security-supply-chain-monitoring Sun, 08 Sep 2024 00:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Cisco ASA Firepower Zero-Day Trends, 2024 Edition]]> https://safeguard.sh/resources/blog/cisco-asa-firepower-zero-day-trends-2024 https://safeguard.sh/resources/blog/cisco-asa-firepower-zero-day-trends-2024 Thu, 05 Sep 2024 12:00:00 GMT Vulnerability Management hi@safeguard.sh (Nayan Dey) <![CDATA[.NET Source Generator Security Risks]]> https://safeguard.sh/resources/blog/dotnet-source-generator-security-risks https://safeguard.sh/resources/blog/dotnet-source-generator-security-risks Thu, 05 Sep 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Migrating to npm Granular Access Tokens]]> https://safeguard.sh/resources/blog/npm-granular-access-tokens-migration https://safeguard.sh/resources/blog/npm-granular-access-tokens-migration Thu, 05 Sep 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Cross-Platform App Supply Chain Risks You Cannot Ignore]]> https://safeguard.sh/resources/blog/cross-platform-app-supply-chain-risks https://safeguard.sh/resources/blog/cross-platform-app-supply-chain-risks Thu, 05 Sep 2024 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (James) <![CDATA[North Korean Threat Actors Flood npm with Malicious Packages]]> https://safeguard.sh/resources/blog/npm-malicious-packages-north-korea-2024 https://safeguard.sh/resources/blog/npm-malicious-packages-north-korea-2024 Sun, 01 Sep 2024 08:00:00 GMT Threat Intelligence hi@safeguard.sh (Yukti Singhal) <![CDATA[PyPI Trusted Publishing: An Adoption Guide]]> https://safeguard.sh/resources/blog/pypi-trusted-publishing-adoption-guide https://safeguard.sh/resources/blog/pypi-trusted-publishing-adoption-guide Fri, 30 Aug 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Build Server Compromise Investigation]]> https://safeguard.sh/resources/blog/build-server-compromise-investigation https://safeguard.sh/resources/blog/build-server-compromise-investigation Wed, 28 Aug 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[CCPA Meets Software Supply Chain]]> https://safeguard.sh/resources/blog/ccpa-meets-software-supply-chain https://safeguard.sh/resources/blog/ccpa-meets-software-supply-chain Wed, 28 Aug 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Labyrinth Chollima and Open Source Targeting]]> https://safeguard.sh/resources/blog/labyrinth-chollima-open-source-targeting https://safeguard.sh/resources/blog/labyrinth-chollima-open-source-targeting Wed, 28 Aug 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Legacy COBOL Supply Chain Modernization: A Pragmatic Playbook]]> https://safeguard.sh/resources/blog/legacy-cobol-supply-chain-modernization https://safeguard.sh/resources/blog/legacy-cobol-supply-chain-modernization Wed, 28 Aug 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Please Build System Security Review]]> https://safeguard.sh/resources/blog/please-build-system-security-review https://safeguard.sh/resources/blog/please-build-system-security-review Wed, 28 Aug 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[SLSA Builder Requirements in Production]]> https://safeguard.sh/resources/blog/slsa-builder-requirements-production https://safeguard.sh/resources/blog/slsa-builder-requirements-production Wed, 28 Aug 2024 12:00:00 GMT SBOM & Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[A Framework for Security Patch Prioritization]]> https://safeguard.sh/resources/blog/security-patch-prioritization-framework https://safeguard.sh/resources/blog/security-patch-prioritization-framework Wed, 28 Aug 2024 09:00:00 GMT Vulnerability Management hi@safeguard.sh (Nayan Dey) <![CDATA[UK NCSC Software Supply Chain Guidance Update]]> https://safeguard.sh/resources/blog/uk-ncsc-software-supply-chain-guidance-update https://safeguard.sh/resources/blog/uk-ncsc-software-supply-chain-guidance-update Mon, 26 Aug 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Azure Bicep vs ARM: Security Comparison]]> https://safeguard.sh/resources/blog/azure-bicep-vs-arm-security-comparison https://safeguard.sh/resources/blog/azure-bicep-vs-arm-security-comparison Sun, 25 Aug 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[CyberArk Conjur for Enterprise Secrets Management]]> https://safeguard.sh/resources/blog/conjur-secrets-management-enterprise https://safeguard.sh/resources/blog/conjur-secrets-management-enterprise Sun, 25 Aug 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[RubyGems Typosquatting Incidents: 2024]]> https://safeguard.sh/resources/blog/rubygems-typosquatting-incidents-2024 https://safeguard.sh/resources/blog/rubygems-typosquatting-incidents-2024 Sun, 25 Aug 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[CRI-O vs containerd: Security Comparison]]> https://safeguard.sh/resources/blog/cri-o-vs-containerd-security-comparison https://safeguard.sh/resources/blog/cri-o-vs-containerd-security-comparison Thu, 22 Aug 2024 12:00:00 GMT Container Security hi@safeguard.sh (Nayan Dey) <![CDATA[Rust Tokio Dependency Security Review]]> https://safeguard.sh/resources/blog/rust-tokio-dependency-security-review https://safeguard.sh/resources/blog/rust-tokio-dependency-security-review Thu, 22 Aug 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Static Analysis False-Positive Reduction]]> https://safeguard.sh/resources/blog/static-analysis-false-positive-reduction-techniques https://safeguard.sh/resources/blog/static-analysis-false-positive-reduction-techniques Thu, 22 Aug 2024 12:00:00 GMT Vulnerability Management hi@safeguard.sh (Shadab Khan) <![CDATA[SonicWall SSL VPN CVE-2024-40766: Ransomware's Favorite Front Door]]> https://safeguard.sh/resources/blog/sonicwall-sslvpn-cve-2024-40766 https://safeguard.sh/resources/blog/sonicwall-sslvpn-cve-2024-40766 Thu, 22 Aug 2024 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Michael) <![CDATA[Zig's Memory Safety Model: A Security Analysis for Systems Programmers]]> https://safeguard.sh/resources/blog/zig-language-memory-safety-security https://safeguard.sh/resources/blog/zig-language-memory-safety-security Thu, 22 Aug 2024 00:00:00 GMT Language Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Telemedicine Supply Chain Privacy and Security]]> https://safeguard.sh/resources/blog/telemedicine-supply-chain-privacy-security https://safeguard.sh/resources/blog/telemedicine-supply-chain-privacy-security Tue, 20 Aug 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Incident Response Playbook: Supply Chain Compromise]]> https://safeguard.sh/resources/blog/incident-response-playbook-supply-chain-compromise https://safeguard.sh/resources/blog/incident-response-playbook-supply-chain-compromise Mon, 19 Aug 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Gradle Version Catalogs Security]]> https://safeguard.sh/resources/blog/gradle-version-catalogs-security https://safeguard.sh/resources/blog/gradle-version-catalogs-security Sun, 18 Aug 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Spinnaker Deployment Security Patterns]]> https://safeguard.sh/resources/blog/spinnaker-deployment-security-patterns https://safeguard.sh/resources/blog/spinnaker-deployment-security-patterns Sun, 18 Aug 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[The GitHub Dependabot Token Incident: Retrospective]]> https://safeguard.sh/resources/blog/github-dependabot-token-incident-retrospective https://safeguard.sh/resources/blog/github-dependabot-token-incident-retrospective Thu, 15 Aug 2024 12:00:00 GMT Incident Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[New Relic Security: Building a Supply Chain View]]> https://safeguard.sh/resources/blog/new-relic-security-supply-chain-view https://safeguard.sh/resources/blog/new-relic-security-supply-chain-view Thu, 15 Aug 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[NuGet Package Vulnerabilities Dashboard]]> https://safeguard.sh/resources/blog/nuget-package-vulnerabilities-dashboard https://safeguard.sh/resources/blog/nuget-package-vulnerabilities-dashboard Thu, 15 Aug 2024 12:00:00 GMT Vulnerability Management hi@safeguard.sh (Shadab Khan) <![CDATA[Kubernetes 1.31 Security Improvements: What You Need to Know]]> https://safeguard.sh/resources/blog/kubernetes-1-31-security-improvements https://safeguard.sh/resources/blog/kubernetes-1-31-security-improvements Thu, 15 Aug 2024 11:00:00 GMT Cloud Security hi@safeguard.sh (Bob) <![CDATA[Deep Dive: Safeguard Container Scanning]]> https://safeguard.sh/resources/blog/safeguard-container-scanning-launch https://safeguard.sh/resources/blog/safeguard-container-scanning-launch Thu, 15 Aug 2024 10:00:00 GMT Product hi@safeguard.sh (Shadab Khan) <![CDATA[Security Data Lake Architecture for Supply Chain Intelligence]]> https://safeguard.sh/resources/blog/security-data-lake-architecture https://safeguard.sh/resources/blog/security-data-lake-architecture Thu, 15 Aug 2024 10:00:00 GMT DevSecOps hi@safeguard.sh (Alex) <![CDATA[Go Toolchain Distribution Security]]> https://safeguard.sh/resources/blog/go-toolchain-distribution-security https://safeguard.sh/resources/blog/go-toolchain-distribution-security Wed, 14 Aug 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[SolarWinds Post-Incident Governance Changes Reviewed]]> https://safeguard.sh/resources/blog/solarwinds-post-incident-governance-changes https://safeguard.sh/resources/blog/solarwinds-post-incident-governance-changes Wed, 14 Aug 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[SvelteKit Supply Chain Considerations]]> https://safeguard.sh/resources/blog/svelte-kit-supply-chain-considerations https://safeguard.sh/resources/blog/svelte-kit-supply-chain-considerations Wed, 14 Aug 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[GitHub Actions Artifact Poisoning: A Growing Supply Chain Attack Vector]]> https://safeguard.sh/resources/blog/github-actions-artifact-poisoning https://safeguard.sh/resources/blog/github-actions-artifact-poisoning Mon, 12 Aug 2024 11:00:00 GMT Supply Chain Security hi@safeguard.sh (Alex) <![CDATA[AWS Step Functions Workflow Security]]> https://safeguard.sh/resources/blog/aws-stepfunctions-workflow-security https://safeguard.sh/resources/blog/aws-stepfunctions-workflow-security Sat, 10 Aug 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[OSS Trademark Policies: Security Angle]]> https://safeguard.sh/resources/blog/oss-trademark-policies-security-considerations https://safeguard.sh/resources/blog/oss-trademark-policies-security-considerations Sat, 10 Aug 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Compliance Automation Tools Compared: What Actually Reduces Audit Pain in 2024]]> https://safeguard.sh/resources/blog/compliance-automation-tools-comparison-2024 https://safeguard.sh/resources/blog/compliance-automation-tools-comparison-2024 Sat, 10 Aug 2024 00:00:00 GMT Compliance hi@safeguard.sh (Yukti Singhal) <![CDATA[Aviation RTCA DO-326A and the Software Supply Chain]]> https://safeguard.sh/resources/blog/aviation-rtca-do-326a-supply-chain https://safeguard.sh/resources/blog/aviation-rtca-do-326a-supply-chain Thu, 08 Aug 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Rhysida Ransomware: Systematic Targeting of Government and Critical Infrastructure]]> https://safeguard.sh/resources/blog/rhysida-ransomware-government-targeting https://safeguard.sh/resources/blog/rhysida-ransomware-government-targeting Mon, 05 Aug 2024 10:00:00 GMT Ransomware hi@safeguard.sh (James) <![CDATA[AI Supply Chain Attacks: Emerging Threats in Model and Data Pipelines]]> https://safeguard.sh/resources/blog/ai-supply-chain-attacks-emerging-threats https://safeguard.sh/resources/blog/ai-supply-chain-attacks-emerging-threats Mon, 05 Aug 2024 09:00:00 GMT Supply Chain Security hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard v2: The Platform Grows Up]]> https://safeguard.sh/resources/blog/safeguard-v2-release-announcement https://safeguard.sh/resources/blog/safeguard-v2-release-announcement Thu, 01 Aug 2024 10:00:00 GMT Release hi@safeguard.sh (Alex) <![CDATA[Cosign Verification Policies in Production]]> https://safeguard.sh/resources/blog/cosign-verification-policies-production https://safeguard.sh/resources/blog/cosign-verification-policies-production Tue, 30 Jul 2024 12:00:00 GMT SBOM & Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[NuGet Private Feed Security Hardening]]> https://safeguard.sh/resources/blog/nuget-private-feed-security-hardening https://safeguard.sh/resources/blog/nuget-private-feed-security-hardening Tue, 30 Jul 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Rancher Cluster Security Hardening]]> https://safeguard.sh/resources/blog/rancher-cluster-security-hardening https://safeguard.sh/resources/blog/rancher-cluster-security-hardening Tue, 30 Jul 2024 12:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[VMware ESXi Under Siege: Ransomware Campaigns Targeting Hypervisors in 2024]]> https://safeguard.sh/resources/blog/vmware-esxi-ransomware-campaigns-2024 https://safeguard.sh/resources/blog/vmware-esxi-ransomware-campaigns-2024 Tue, 30 Jul 2024 09:00:00 GMT Threat Intelligence hi@safeguard.sh (Bob) <![CDATA[Azure Container Registry Trust Model]]> https://safeguard.sh/resources/blog/azure-container-registry-trust-model https://safeguard.sh/resources/blog/azure-container-registry-trust-model Sun, 28 Jul 2024 12:00:00 GMT Container Security hi@safeguard.sh (Nayan Dey) <![CDATA[Dependency Compromise Timeline Reconstruction]]> https://safeguard.sh/resources/blog/dependency-compromise-timeline-reconstruction https://safeguard.sh/resources/blog/dependency-compromise-timeline-reconstruction Sun, 28 Jul 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Monolith to Microservices: Supply Chain Changes]]> https://safeguard.sh/resources/blog/monolith-to-microservices-supply-chain-changes https://safeguard.sh/resources/blog/monolith-to-microservices-supply-chain-changes Sun, 28 Jul 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[CrowdStrike Falcon Global Outage: A Post-Mortem Deep Dive]]> https://safeguard.sh/resources/blog/crowdstrike-falcon-global-outage-deep-dive-2024 https://safeguard.sh/resources/blog/crowdstrike-falcon-global-outage-deep-dive-2024 Thu, 25 Jul 2024 12:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Pydantic v2 Security Implications]]> https://safeguard.sh/resources/blog/pydantic-v2-security-implications https://safeguard.sh/resources/blog/pydantic-v2-security-implications Thu, 25 Jul 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[US DoD Zero Trust: Software Dimensions]]> https://safeguard.sh/resources/blog/us-dod-zero-trust-software-dimensions https://safeguard.sh/resources/blog/us-dod-zero-trust-software-dimensions Thu, 25 Jul 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[AWS ECR Image Signing in Production]]> https://safeguard.sh/resources/blog/aws-ecr-image-signing-production https://safeguard.sh/resources/blog/aws-ecr-image-signing-production Mon, 22 Jul 2024 12:00:00 GMT Container Security hi@safeguard.sh (Nayan Dey) <![CDATA[GDPR Meets CRA: Software Overlap]]> https://safeguard.sh/resources/blog/gdpr-meets-cra-software-overlap https://safeguard.sh/resources/blog/gdpr-meets-cra-software-overlap Mon, 22 Jul 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[How to Build a VEX Document for Your Consumers]]> https://safeguard.sh/resources/blog/how-to-build-a-vex-document-for-consumers https://safeguard.sh/resources/blog/how-to-build-a-vex-document-for-consumers Mon, 22 Jul 2024 12:00:00 GMT SBOM & Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Scattered Spider: Developer Targeting Patterns]]> https://safeguard.sh/resources/blog/scattered-spider-developer-targeting-patterns https://safeguard.sh/resources/blog/scattered-spider-developer-targeting-patterns Mon, 22 Jul 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[SentinelOne Supply Chain Detection Logic for Build Systems]]> https://safeguard.sh/resources/blog/sentinel-one-supply-chain-detection-logic https://safeguard.sh/resources/blog/sentinel-one-supply-chain-detection-logic Mon, 22 Jul 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Lessons from CrowdStrike: Rethinking How We Deploy Software Updates]]> https://safeguard.sh/resources/blog/crowdstrike-outage-lessons-software-updates https://safeguard.sh/resources/blog/crowdstrike-outage-lessons-software-updates Mon, 22 Jul 2024 10:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[GraalVM Native Image Supply Chain]]> https://safeguard.sh/resources/blog/graalvm-native-image-supply-chain https://safeguard.sh/resources/blog/graalvm-native-image-supply-chain Sat, 20 Jul 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[CrowdStrike Falcon Update Triggers Global IT Outage: What Happened]]> https://safeguard.sh/resources/blog/crowdstrike-falcon-global-outage-july-2024 https://safeguard.sh/resources/blog/crowdstrike-falcon-global-outage-july-2024 Fri, 19 Jul 2024 14:00:00 GMT Incident Analysis hi@safeguard.sh (Yukti Singhal) <![CDATA[Dropbox 2022: The Supply Chain Angle]]> https://safeguard.sh/resources/blog/dropbox-incident-2022-supply-chain-angle https://safeguard.sh/resources/blog/dropbox-incident-2022-supply-chain-angle Thu, 18 Jul 2024 12:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[External Secrets Operator: A Kubernetes Guide]]> https://safeguard.sh/resources/blog/external-secrets-operator-kubernetes-guide https://safeguard.sh/resources/blog/external-secrets-operator-kubernetes-guide Thu, 18 Jul 2024 12:00:00 GMT Container Security hi@safeguard.sh (Nayan Dey) <![CDATA[npm Token Rotation: An Enterprise Strategy]]> https://safeguard.sh/resources/blog/npm-token-rotation-enterprise-strategy https://safeguard.sh/resources/blog/npm-token-rotation-enterprise-strategy Thu, 18 Jul 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Open Banking API Supply Chain Security]]> https://safeguard.sh/resources/blog/open-banking-api-supply-chain-security https://safeguard.sh/resources/blog/open-banking-api-supply-chain-security Thu, 18 Jul 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Drone CI Security Considerations]]> https://safeguard.sh/resources/blog/drone-ci-security-considerations https://safeguard.sh/resources/blog/drone-ci-security-considerations Mon, 15 Jul 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Fuzzing Open Source for Supply Chain Findings]]> https://safeguard.sh/resources/blog/fuzzing-open-source-for-supply-chain-findings https://safeguard.sh/resources/blog/fuzzing-open-source-for-supply-chain-findings Mon, 15 Jul 2024 12:00:00 GMT Vulnerability Management hi@safeguard.sh (Nayan Dey) <![CDATA[Safeguard Auto-Fix: Automated Vulnerability Remediation That Respects Your Codebase]]> https://safeguard.sh/resources/blog/safeguard-auto-fix-automated-remediation https://safeguard.sh/resources/blog/safeguard-auto-fix-automated-remediation Mon, 15 Jul 2024 10:00:00 GMT Product hi@safeguard.sh (Bob) <![CDATA[rust crates.io Security Model Reviewed]]> https://safeguard.sh/resources/blog/rust-crates-io-security-model-review https://safeguard.sh/resources/blog/rust-crates-io-security-model-review Sun, 14 Jul 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[GCP Workload Identity Federation: Supply Chain Uses]]> https://safeguard.sh/resources/blog/gcp-workload-identity-federation-supply-chain https://safeguard.sh/resources/blog/gcp-workload-identity-federation-supply-chain Fri, 12 Jul 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Nix Reproducible Builds: A Supply Chain Case]]> https://safeguard.sh/resources/blog/nix-reproducible-builds-supply-chain-case https://safeguard.sh/resources/blog/nix-reproducible-builds-supply-chain-case Fri, 12 Jul 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Mean Time to Remediation Benchmarks: How Fast Should You Be Patching?]]> https://safeguard.sh/resources/blog/mean-time-to-remediation-benchmarks https://safeguard.sh/resources/blog/mean-time-to-remediation-benchmarks Fri, 12 Jul 2024 00:00:00 GMT Vulnerability Management hi@safeguard.sh (Nayan Dey) <![CDATA[ServiceNow CVE-2024-4879: Remote Code Execution via Jelly Template Injection]]> https://safeguard.sh/resources/blog/servicenow-cve-2024-4879-rce-exploitation https://safeguard.sh/resources/blog/servicenow-cve-2024-4879-rce-exploitation Wed, 10 Jul 2024 12:00:00 GMT Vulnerability Analysis hi@safeguard.sh (James) <![CDATA[Securing ML Model Serving Infrastructure]]> https://safeguard.sh/resources/blog/ml-model-serving-infrastructure-security https://safeguard.sh/resources/blog/ml-model-serving-infrastructure-security Wed, 10 Jul 2024 09:00:00 GMT Cloud Security hi@safeguard.sh (Alex) <![CDATA[Maintainer Burnout: Security Implications]]> https://safeguard.sh/resources/blog/maintainer-burnout-security-implications https://safeguard.sh/resources/blog/maintainer-burnout-security-implications Mon, 08 Jul 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Semgrep vs CodeQL: SAST Comparison]]> https://safeguard.sh/resources/blog/semgrep-vs-codeql-sast-comparison-2024 https://safeguard.sh/resources/blog/semgrep-vs-codeql-sast-comparison-2024 Mon, 08 Jul 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Code Repository Security Hardening]]> https://safeguard.sh/resources/blog/code-repository-security-hardening https://safeguard.sh/resources/blog/code-repository-security-hardening Mon, 08 Jul 2024 00:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[FastAPI Supply Chain Security: A Working Guide]]> https://safeguard.sh/resources/blog/fastapi-supply-chain-security-guide https://safeguard.sh/resources/blog/fastapi-supply-chain-security-guide Fri, 05 Jul 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Go Checksum Verification Patterns]]> https://safeguard.sh/resources/blog/go-checksum-verification-patterns https://safeguard.sh/resources/blog/go-checksum-verification-patterns Fri, 05 Jul 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[bundler-audit Production Setup]]> https://safeguard.sh/resources/blog/bundler-audit-production-setup https://safeguard.sh/resources/blog/bundler-audit-production-setup Tue, 02 Jul 2024 12:00:00 GMT Vulnerability Management hi@safeguard.sh (Nayan Dey) <![CDATA[Safeguard SCA: Vulnerability Scanning Built for the Supply Chain]]> https://safeguard.sh/resources/blog/safeguard-sca-vulnerability-scanning https://safeguard.sh/resources/blog/safeguard-sca-vulnerability-scanning Mon, 01 Jul 2024 10:00:00 GMT Product hi@safeguard.sh (James) <![CDATA[regreSSHion: CVE-2024-6387 OpenSSH Remote Code Execution]]> https://safeguard.sh/resources/blog/regresshion-openssh-cve-2024-6387 https://safeguard.sh/resources/blog/regresshion-openssh-cve-2024-6387 Mon, 01 Jul 2024 08:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Azure Policy for Supply Chain Enforcement]]> https://safeguard.sh/resources/blog/azure-policy-supply-chain-enforcement https://safeguard.sh/resources/blog/azure-policy-supply-chain-enforcement Sun, 30 Jun 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Retail POS Supply Chain Security]]> https://safeguard.sh/resources/blog/retail-pos-supply-chain-security https://safeguard.sh/resources/blog/retail-pos-supply-chain-security Sun, 30 Jun 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[AWS Secrets Manager vs Parameter Store]]> https://safeguard.sh/resources/blog/aws-secrets-manager-vs-parameter-store-comparison https://safeguard.sh/resources/blog/aws-secrets-manager-vs-parameter-store-comparison Fri, 28 Jun 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Firecracker micro-VM Security Model]]> https://safeguard.sh/resources/blog/firecracker-micro-vm-security-model https://safeguard.sh/resources/blog/firecracker-micro-vm-security-model Fri, 28 Jun 2024 12:00:00 GMT Container Security hi@safeguard.sh (Nayan Dey) <![CDATA[in-toto Attestation Formats Reviewed]]> https://safeguard.sh/resources/blog/in-toto-attestation-formats-review https://safeguard.sh/resources/blog/in-toto-attestation-formats-review Fri, 28 Jun 2024 12:00:00 GMT SBOM & Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[ArgoCD GitOps Security Depth]]> https://safeguard.sh/resources/blog/argocd-gitops-security-depth https://safeguard.sh/resources/blog/argocd-gitops-security-depth Tue, 25 Jun 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Commercial OSS License Shifts: An Analysis]]> https://safeguard.sh/resources/blog/commercial-open-source-license-shift-analysis https://safeguard.sh/resources/blog/commercial-open-source-license-shift-analysis Tue, 25 Jun 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[ISO 27001 Meets NIST CSF: Integration]]> https://safeguard.sh/resources/blog/iso-27001-meets-nist-csf-integration https://safeguard.sh/resources/blog/iso-27001-meets-nist-csf-integration Tue, 25 Jun 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Microsoft Midnight Blizzard: Detailed Timeline]]> https://safeguard.sh/resources/blog/microsoft-midnight-blizzard-detailed-timeline https://safeguard.sh/resources/blog/microsoft-midnight-blizzard-detailed-timeline Tue, 25 Jun 2024 12:00:00 GMT Incident Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Polyfill.io Supply Chain Attack: When a CDN Domain Changes Hands]]> https://safeguard.sh/resources/blog/polyfill-io-supply-chain-attack https://safeguard.sh/resources/blog/polyfill-io-supply-chain-attack Tue, 25 Jun 2024 09:00:00 GMT Supply Chain Security hi@safeguard.sh (Yukti Singhal) <![CDATA[GN and Meson Build Systems: Security]]> https://safeguard.sh/resources/blog/gn-meson-build-system-security-comparison https://safeguard.sh/resources/blog/gn-meson-build-system-security-comparison Sat, 22 Jun 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[NuGet Central Package Management Security]]> https://safeguard.sh/resources/blog/nuget-central-package-management-security https://safeguard.sh/resources/blog/nuget-central-package-management-security Sat, 22 Jun 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[PyPI API Token Scopes: An Audit Guide]]> https://safeguard.sh/resources/blog/pypi-api-token-scopes-audit https://safeguard.sh/resources/blog/pypi-api-token-scopes-audit Sat, 22 Jun 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Malicious Package Quarantine Procedures]]> https://safeguard.sh/resources/blog/malicious-package-quarantine-procedures https://safeguard.sh/resources/blog/malicious-package-quarantine-procedures Thu, 20 Jun 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Migrating From Ansible to GitOps: A Supply Chain Perspective]]> https://safeguard.sh/resources/blog/migrating-off-ansible-to-gitops https://safeguard.sh/resources/blog/migrating-off-ansible-to-gitops Thu, 20 Jun 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[npm Package Takeover: The Summer 2024 Wave]]> https://safeguard.sh/resources/blog/npm-package-takeover-summer-2024-wave https://safeguard.sh/resources/blog/npm-package-takeover-summer-2024-wave Thu, 20 Jun 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Vulnerability Management at Enterprise Scale: What Actually Works]]> https://safeguard.sh/resources/blog/vulnerability-management-at-scale-enterprise https://safeguard.sh/resources/blog/vulnerability-management-at-scale-enterprise Thu, 20 Jun 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Yukti Singhal) <![CDATA[The Middle East Cybersecurity Landscape: Rapid Digitization Meets Rising Threats]]> https://safeguard.sh/resources/blog/middle-east-cybersecurity-landscape-2024 https://safeguard.sh/resources/blog/middle-east-cybersecurity-landscape-2024 Thu, 20 Jun 2024 00:00:00 GMT Regional Security hi@safeguard.sh (Alex) <![CDATA[Go Module Hijacking Detection]]> https://safeguard.sh/resources/blog/go-module-hijacking-detection https://safeguard.sh/resources/blog/go-module-hijacking-detection Tue, 18 Jun 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Payment Processor Dependency Risks]]> https://safeguard.sh/resources/blog/payment-processor-dependency-risks https://safeguard.sh/resources/blog/payment-processor-dependency-risks Tue, 18 Jun 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[AWS CodePipeline Hardening Patterns]]> https://safeguard.sh/resources/blog/aws-codepipeline-hardening-patterns https://safeguard.sh/resources/blog/aws-codepipeline-hardening-patterns Sat, 15 Jun 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Clop: Supply Chain Exploitation Tradecraft]]> https://safeguard.sh/resources/blog/clop-supply-chain-exploitation-tradecraft https://safeguard.sh/resources/blog/clop-supply-chain-exploitation-tradecraft Sat, 15 Jun 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[DevEx Meets DevSecOps: Why Developer Experience Determines Security Outcomes]]> https://safeguard.sh/resources/blog/devex-meets-devsecops-developer-experience https://safeguard.sh/resources/blog/devex-meets-devsecops-developer-experience Sat, 15 Jun 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Michael) <![CDATA[Safeguard IDE Extension: Supply Chain Intelligence in Your Editor]]> https://safeguard.sh/resources/blog/safeguard-ide-extension-launch https://safeguard.sh/resources/blog/safeguard-ide-extension-launch Sat, 15 Jun 2024 10:00:00 GMT Product hi@safeguard.sh (Yukti Singhal) <![CDATA[Elastic Security Supply Chain Signals]]> https://safeguard.sh/resources/blog/elastic-security-supply-chain-signals https://safeguard.sh/resources/blog/elastic-security-supply-chain-signals Sat, 15 Jun 2024 00:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Bundler Lockfile Security Practices]]> https://safeguard.sh/resources/blog/bundler-lockfile-security-practices https://safeguard.sh/resources/blog/bundler-lockfile-security-practices Fri, 14 Jun 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[npm Workspaces Security Considerations]]> https://safeguard.sh/resources/blog/npm-workspaces-security-considerations https://safeguard.sh/resources/blog/npm-workspaces-security-considerations Wed, 12 Jun 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Gramm-Leach-Bliley Software Security Update]]> https://safeguard.sh/resources/blog/gramm-leach-bliley-software-security-update-2024 https://safeguard.sh/resources/blog/gramm-leach-bliley-software-security-update-2024 Tue, 11 Jun 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Gradle Build Cache Security Hardening]]> https://safeguard.sh/resources/blog/gradle-build-cache-security-hardening https://safeguard.sh/resources/blog/gradle-build-cache-security-hardening Mon, 10 Jun 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[How to Sign Container Images With Cosign: A Complete Guide]]> https://safeguard.sh/resources/blog/how-to-sign-container-images-with-cosign-guide https://safeguard.sh/resources/blog/how-to-sign-container-images-with-cosign-guide Mon, 10 Jun 2024 12:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[Snowflake Customer Data Breaches: 165 Organizations Hit by Credential Theft Campaign]]> https://safeguard.sh/resources/blog/snowflake-customer-data-breaches https://safeguard.sh/resources/blog/snowflake-customer-data-breaches Mon, 10 Jun 2024 09:00:00 GMT Incident Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[GCP Secret Manager Rotation Strategy]]> https://safeguard.sh/resources/blog/gcp-secret-manager-rotation-strategy https://safeguard.sh/resources/blog/gcp-secret-manager-rotation-strategy Sat, 08 Jun 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Rust Edition Migration Security Notes]]> https://safeguard.sh/resources/blog/rust-edition-migration-security-notes https://safeguard.sh/resources/blog/rust-edition-migration-security-notes Sat, 08 Jun 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Security Team Scaling Strategies: Growing Without Burning Out]]> https://safeguard.sh/resources/blog/security-team-scaling-strategies https://safeguard.sh/resources/blog/security-team-scaling-strategies Sat, 08 Jun 2024 10:00:00 GMT Security Strategy hi@safeguard.sh (Alex) <![CDATA[Tauri Desktop App Security Model: What Developers Need to Know]]> https://safeguard.sh/resources/blog/tauri-desktop-app-security-model https://safeguard.sh/resources/blog/tauri-desktop-app-security-model Wed, 05 Jun 2024 10:00:00 GMT Application Security hi@safeguard.sh (Nayan Dey) <![CDATA[OpenAI Internal Breach: What the 2023 Forum Hack Reveals About AI Company Security]]> https://safeguard.sh/resources/blog/openai-internal-breach-2024 https://safeguard.sh/resources/blog/openai-internal-breach-2024 Wed, 05 Jun 2024 09:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[Next.js Supply Chain Security Hardening]]> https://safeguard.sh/resources/blog/nextjs-supply-chain-security-hardening-2024 https://safeguard.sh/resources/blog/nextjs-supply-chain-security-hardening-2024 Tue, 04 Jun 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Safeguard CLI: Supply Chain Security Without Leaving Your Terminal]]> https://safeguard.sh/resources/blog/safeguard-cli-tool-developer-workflow https://safeguard.sh/resources/blog/safeguard-cli-tool-developer-workflow Sat, 01 Jun 2024 10:00:00 GMT Product hi@safeguard.sh (Nayan Dey) <![CDATA[Infisical: An Open-Source Secrets Platform Review]]> https://safeguard.sh/resources/blog/infisical-open-source-secrets-platform https://safeguard.sh/resources/blog/infisical-open-source-secrets-platform Thu, 30 May 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Insurance Industry Software Supply Chain]]> https://safeguard.sh/resources/blog/insurance-industry-software-supply-chain https://safeguard.sh/resources/blog/insurance-industry-software-supply-chain Thu, 30 May 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Vite Build Tool Security Considerations]]> https://safeguard.sh/resources/blog/vite-build-tool-security-considerations https://safeguard.sh/resources/blog/vite-build-tool-security-considerations Thu, 30 May 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Harness.io Supply Chain Security Reviewed]]> https://safeguard.sh/resources/blog/harness-io-supply-chain-security-review https://safeguard.sh/resources/blog/harness-io-supply-chain-security-review Tue, 28 May 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Maven Central Changes in 2024 and Their Security Impact]]> https://safeguard.sh/resources/blog/maven-central-changes-2024-security-impact https://safeguard.sh/resources/blog/maven-central-changes-2024-security-impact Tue, 28 May 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Rails Application Template Security]]> https://safeguard.sh/resources/blog/rails-application-template-security https://safeguard.sh/resources/blog/rails-application-template-security Tue, 28 May 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Symbolic Execution for Dependency Analysis]]> https://safeguard.sh/resources/blog/symbolic-execution-for-dependency-analysis https://safeguard.sh/resources/blog/symbolic-execution-for-dependency-analysis Tue, 28 May 2024 12:00:00 GMT Vulnerability Management hi@safeguard.sh (Nayan Dey) <![CDATA[Check Point VPN Zero-Day CVE-2024-24919: Information Disclosure Under Active Exploitation]]> https://safeguard.sh/resources/blog/check-point-vpn-cve-2024-24919-zero-day https://safeguard.sh/resources/blog/check-point-vpn-cve-2024-24919-zero-day Tue, 28 May 2024 09:00:00 GMT Vulnerability Analysis hi@safeguard.sh (James) <![CDATA[Cisco Duo Incident: Supply Chain Depth]]> https://safeguard.sh/resources/blog/cisco-duo-incident-supply-chain-depth https://safeguard.sh/resources/blog/cisco-duo-incident-supply-chain-depth Sat, 25 May 2024 12:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[GCP Cloud Build Hardening in Production]]> https://safeguard.sh/resources/blog/gcp-cloud-build-hardening-production https://safeguard.sh/resources/blog/gcp-cloud-build-hardening-production Sat, 25 May 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[OSS Contributor License Agreements Reviewed]]> https://safeguard.sh/resources/blog/oss-contributor-license-agreements-review https://safeguard.sh/resources/blog/oss-contributor-license-agreements-review Sat, 25 May 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Message Queue Security: Hardening Kafka, RabbitMQ, and Event Brokers]]> https://safeguard.sh/resources/blog/message-queue-security-kafka-rabbitmq https://safeguard.sh/resources/blog/message-queue-security-kafka-rabbitmq Sat, 25 May 2024 00:00:00 GMT Infrastructure Security hi@safeguard.sh (Shadab Khan) <![CDATA[Go Workspaces Supply Chain Risks]]> https://safeguard.sh/resources/blog/go-workspaces-supply-chain-risks https://safeguard.sh/resources/blog/go-workspaces-supply-chain-risks Wed, 22 May 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[PyPI Package Yanking Policies Analyzed]]> https://safeguard.sh/resources/blog/pypi-package-yanking-policies-analysis https://safeguard.sh/resources/blog/pypi-package-yanking-policies-analysis Wed, 22 May 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Sumo Logic for Supply Chain Observability: A Practitioner's Guide]]> https://safeguard.sh/resources/blog/sumo-logic-supply-chain-observability https://safeguard.sh/resources/blog/sumo-logic-supply-chain-observability Wed, 22 May 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[FastAPI Security Best Practices]]> https://safeguard.sh/resources/blog/fastapi-security-best-practices https://safeguard.sh/resources/blog/fastapi-security-best-practices Wed, 22 May 2024 10:00:00 GMT Application Security hi@safeguard.sh (Bob) <![CDATA[How to Measure Dependency Freshness in CI]]> https://safeguard.sh/resources/blog/how-to-measure-dependency-freshness-in-ci https://safeguard.sh/resources/blog/how-to-measure-dependency-freshness-in-ci Mon, 20 May 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[SOX IT Controls Meet Software Controls]]> https://safeguard.sh/resources/blog/sox-it-controls-meets-software-controls https://safeguard.sh/resources/blog/sox-it-controls-meets-software-controls Mon, 20 May 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Utilities Sector NERC CIP Software Supply Chain]]> https://safeguard.sh/resources/blog/utilities-sector-nerc-cip-software-supply-chain https://safeguard.sh/resources/blog/utilities-sector-nerc-cip-software-supply-chain Mon, 20 May 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Deepfakes and Social Engineering: The Human Layer of Supply Chain Attacks]]> https://safeguard.sh/resources/blog/deepfake-social-engineering-supply-chain https://safeguard.sh/resources/blog/deepfake-social-engineering-supply-chain Mon, 20 May 2024 11:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[SBOM Visualization Tools Compared: Making Dependency Data Actionable]]> https://safeguard.sh/resources/blog/sbom-visualization-tools-comparison https://safeguard.sh/resources/blog/sbom-visualization-tools-comparison Mon, 20 May 2024 10:00:00 GMT SBOM and Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[GitHub Enterprise Server CVE-2024-4985: SAML Authentication Bypass]]> https://safeguard.sh/resources/blog/github-enterprise-server-cve-2024-4985 https://safeguard.sh/resources/blog/github-enterprise-server-cve-2024-4985 Mon, 20 May 2024 09:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Bob) <![CDATA[Azure Key Vault Rotation Patterns]]> https://safeguard.sh/resources/blog/azure-key-vault-rotation-patterns https://safeguard.sh/resources/blog/azure-key-vault-rotation-patterns Sat, 18 May 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[.NET Supply Chain Audit Patterns]]> https://safeguard.sh/resources/blog/dotnet-supply-chain-audit-patterns https://safeguard.sh/resources/blog/dotnet-supply-chain-audit-patterns Sat, 18 May 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Migrating SBOM Tooling Providers]]> https://safeguard.sh/resources/blog/migrating-sbom-tooling-provider-migration https://safeguard.sh/resources/blog/migrating-sbom-tooling-provider-migration Sat, 18 May 2024 12:00:00 GMT SBOM & Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Pants Build Tool Security Posture]]> https://safeguard.sh/resources/blog/pants-build-tool-security-posture https://safeguard.sh/resources/blog/pants-build-tool-security-posture Sat, 18 May 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Managing Python Package Namespace Conflicts]]> https://safeguard.sh/resources/blog/python-package-namespace-conflicts-management https://safeguard.sh/resources/blog/python-package-namespace-conflicts-management Sat, 18 May 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Rust no_std Supply Chain Considerations]]> https://safeguard.sh/resources/blog/rust-no-std-supply-chain-considerations https://safeguard.sh/resources/blog/rust-no-std-supply-chain-considerations Wed, 15 May 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[SLSA for Go Releases: A Practical Guide]]> https://safeguard.sh/resources/blog/slsa-for-go-releases-practical-guide https://safeguard.sh/resources/blog/slsa-for-go-releases-practical-guide Wed, 15 May 2024 12:00:00 GMT SBOM & Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Griffin AI: Your Autonomous Supply Chain Security Analyst]]> https://safeguard.sh/resources/blog/safeguard-griffin-ai-autonomous-security https://safeguard.sh/resources/blog/safeguard-griffin-ai-autonomous-security Wed, 15 May 2024 10:00:00 GMT Product hi@safeguard.sh (Michael) <![CDATA[SBOM for EdTech Platforms: Protecting Student Data Through Supply Chain Transparency]]> https://safeguard.sh/resources/blog/sbom-for-edtech-platforms https://safeguard.sh/resources/blog/sbom-for-edtech-platforms Wed, 15 May 2024 00:00:00 GMT SBOM hi@safeguard.sh (Alex) <![CDATA[The OSS Pledge: Adoption Tracking at Six Months]]> https://safeguard.sh/resources/blog/oss-pledge-adoption-tracking-2024 https://safeguard.sh/resources/blog/oss-pledge-adoption-tracking-2024 Tue, 14 May 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[containerd Security Configuration Guide]]> https://safeguard.sh/resources/blog/containerd-security-configuration-guide https://safeguard.sh/resources/blog/containerd-security-configuration-guide Sun, 12 May 2024 12:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[Kotlin Multiplatform Supply Chain Risks]]> https://safeguard.sh/resources/blog/kotlin-multiplatform-supply-chain-risks https://safeguard.sh/resources/blog/kotlin-multiplatform-supply-chain-risks Sun, 12 May 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Disaster Recovery for Supply Chain Security Incidents]]> https://safeguard.sh/resources/blog/disaster-recovery-supply-chain-incidents https://safeguard.sh/resources/blog/disaster-recovery-supply-chain-incidents Sun, 12 May 2024 10:00:00 GMT Security Operations hi@safeguard.sh (Shadab Khan) <![CDATA[False Positive Rates in Container Scanning: Why Your Scanner Lies to You]]> https://safeguard.sh/resources/blog/false-positive-rates-container-scanning https://safeguard.sh/resources/blog/false-positive-rates-container-scanning Sun, 12 May 2024 10:00:00 GMT Vulnerability Management hi@safeguard.sh (Alex) <![CDATA[Executive Order 14028, Three Years Later: Progress, Gaps, and What Comes Next]]> https://safeguard.sh/resources/blog/eo-14028-three-years-later-progress-report https://safeguard.sh/resources/blog/eo-14028-three-years-later-progress-report Sun, 12 May 2024 09:00:00 GMT Policy & Compliance hi@safeguard.sh (Yukti Singhal) <![CDATA[CNCF Project Security Audits: What They Find and Why They Matter]]> https://safeguard.sh/resources/blog/cncf-project-security-audits https://safeguard.sh/resources/blog/cncf-project-security-audits Sun, 12 May 2024 00:00:00 GMT Open Source Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Dell Data Breach Exposes 49 Million Customer Records via API Abuse]]> https://safeguard.sh/resources/blog/dell-49-million-customer-records https://safeguard.sh/resources/blog/dell-49-million-customer-records Fri, 10 May 2024 14:00:00 GMT Incident Analysis hi@safeguard.sh (Michael) <![CDATA[APT29 Cozy Bear: Supply Chain Tradecraft]]> https://safeguard.sh/resources/blog/apt29-cozy-bear-supply-chain-tradecraft https://safeguard.sh/resources/blog/apt29-cozy-bear-supply-chain-tradecraft Fri, 10 May 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[AWS CodeBuild Supply Chain Hardening Guide]]> https://safeguard.sh/resources/blog/aws-codebuild-supply-chain-hardening-guide https://safeguard.sh/resources/blog/aws-codebuild-supply-chain-hardening-guide Fri, 10 May 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Quantifying Digital Supply Chain Risk]]> https://safeguard.sh/resources/blog/digital-supply-chain-risk-quantification https://safeguard.sh/resources/blog/digital-supply-chain-risk-quantification Wed, 08 May 2024 11:00:00 GMT Risk Management hi@safeguard.sh (James) <![CDATA[Homebrew Cask Security Verification: What Gets Checked Before Installation]]> https://safeguard.sh/resources/blog/homebrew-cask-security-verification https://safeguard.sh/resources/blog/homebrew-cask-security-verification Wed, 08 May 2024 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Maven Plugin Verification: Securing Your Java Build Pipeline]]> https://safeguard.sh/resources/blog/maven-plugin-verification-guide https://safeguard.sh/resources/blog/maven-plugin-verification-guide Wed, 08 May 2024 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Michael) <![CDATA[Next.js Security Hardening Guide]]> https://safeguard.sh/resources/blog/nextjs-security-hardening-guide https://safeguard.sh/resources/blog/nextjs-security-hardening-guide Wed, 08 May 2024 10:00:00 GMT Application Security hi@safeguard.sh (Alex) <![CDATA[Third-Party Risk Management for Software Vendors]]> https://safeguard.sh/resources/blog/third-party-risk-management-software-vendors-program https://safeguard.sh/resources/blog/third-party-risk-management-software-vendors-program Tue, 07 May 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Developer Workstation Forensics for Supply Chain]]> https://safeguard.sh/resources/blog/developer-workstation-forensics-supply-chain https://safeguard.sh/resources/blog/developer-workstation-forensics-supply-chain Sun, 05 May 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Open Source AI Model Security: The Emerging Threat Landscape]]> https://safeguard.sh/resources/blog/open-source-ai-model-security-landscape https://safeguard.sh/resources/blog/open-source-ai-model-security-landscape Sun, 05 May 2024 12:00:00 GMT Emerging Threats hi@safeguard.sh (James) <![CDATA[GraphQL Injection Prevention: Securing Your API Layer]]> https://safeguard.sh/resources/blog/graphql-injection-prevention https://safeguard.sh/resources/blog/graphql-injection-prevention Sun, 05 May 2024 10:00:00 GMT Application Security hi@safeguard.sh (Michael) <![CDATA[SAST Tool Accuracy Benchmarks 2024: What the Data Actually Shows]]> https://safeguard.sh/resources/blog/sast-tool-accuracy-benchmarks-2024 https://safeguard.sh/resources/blog/sast-tool-accuracy-benchmarks-2024 Sun, 05 May 2024 10:00:00 GMT Application Security hi@safeguard.sh (Alex) <![CDATA[Safeguard Open Source Manager: Understanding the Health of Your Dependencies]]> https://safeguard.sh/resources/blog/safeguard-open-source-manager-launch https://safeguard.sh/resources/blog/safeguard-open-source-manager-launch Wed, 01 May 2024 10:00:00 GMT Product hi@safeguard.sh (Alex) <![CDATA[AWS AppConfig Dynamic Config Security]]> https://safeguard.sh/resources/blog/aws-appconfig-dynamic-config-security https://safeguard.sh/resources/blog/aws-appconfig-dynamic-config-security Tue, 30 Apr 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Spring Dependency Management Supply Chain]]> https://safeguard.sh/resources/blog/spring-dependency-management-supply-chain https://safeguard.sh/resources/blog/spring-dependency-management-supply-chain Tue, 30 Apr 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Chronicle Security Supply Chain Queries]]> https://safeguard.sh/resources/blog/chronicle-security-supply-chain-queries https://safeguard.sh/resources/blog/chronicle-security-supply-chain-queries Tue, 30 Apr 2024 00:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Critical Infrastructure Software Supply Chain]]> https://safeguard.sh/resources/blog/critical-infrastructure-software-supply-chain https://safeguard.sh/resources/blog/critical-infrastructure-software-supply-chain Sun, 28 Apr 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Twilio 2022 Incidents: Supply Chain Lessons]]> https://safeguard.sh/resources/blog/twilio-2022-incidents-supply-chain-lessons https://safeguard.sh/resources/blog/twilio-2022-incidents-supply-chain-lessons Sun, 28 Apr 2024 12:00:00 GMT Incident Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Coordinated Vulnerability Disclosure: A Complete Guide]]> https://safeguard.sh/resources/blog/coordinated-vulnerability-disclosure-guide https://safeguard.sh/resources/blog/coordinated-vulnerability-disclosure-guide Sun, 28 Apr 2024 09:00:00 GMT Vulnerability Management hi@safeguard.sh (Yukti Singhal) <![CDATA[EU NIS2 Directive: What Software Supply Chain Teams Need to Know]]> https://safeguard.sh/resources/blog/eu-nis2-directive-software-supply-chain https://safeguard.sh/resources/blog/eu-nis2-directive-software-supply-chain Thu, 25 Apr 2024 12:00:00 GMT Compliance & Frameworks hi@safeguard.sh (Alex) <![CDATA[Medical Device SBOM Requirements in Practice]]> https://safeguard.sh/resources/blog/medical-device-sbom-requirements-practical https://safeguard.sh/resources/blog/medical-device-sbom-requirements-practical Thu, 25 Apr 2024 12:00:00 GMT SBOM & Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[npm Registry Authentication Deep Dive]]> https://safeguard.sh/resources/blog/npm-registry-authentication-deep-dive https://safeguard.sh/resources/blog/npm-registry-authentication-deep-dive Thu, 25 Apr 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Corporate OSS Contribution Policies]]> https://safeguard.sh/resources/blog/corporate-oss-contribution-policies https://safeguard.sh/resources/blog/corporate-oss-contribution-policies Mon, 22 Apr 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[1Password Secrets Automation in CI]]> https://safeguard.sh/resources/blog/one-password-secrets-automation-ci https://safeguard.sh/resources/blog/one-password-secrets-automation-ci Mon, 22 Apr 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[PyPI Supply Chain Attacks: Q1 2024 Roundup]]> https://safeguard.sh/resources/blog/pypi-supply-chain-attacks-q1-2024 https://safeguard.sh/resources/blog/pypi-supply-chain-attacks-q1-2024 Mon, 22 Apr 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Taint Analysis for Zero-Day Discovery: A Primer]]> https://safeguard.sh/resources/blog/taint-analysis-for-zero-day-discovery-primer https://safeguard.sh/resources/blog/taint-analysis-for-zero-day-discovery-primer Mon, 22 Apr 2024 12:00:00 GMT Vulnerability Management hi@safeguard.sh (Shadab Khan) <![CDATA[Azure DevOps YAML Pipeline Hardening]]> https://safeguard.sh/resources/blog/azure-devops-yaml-pipeline-hardening https://safeguard.sh/resources/blog/azure-devops-yaml-pipeline-hardening Sat, 20 Apr 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Container Security Scanning in 2024: Benchmarks, Tools, and What Actually Matters]]> https://safeguard.sh/resources/blog/container-security-scanning-benchmarks-2024 https://safeguard.sh/resources/blog/container-security-scanning-benchmarks-2024 Sat, 20 Apr 2024 09:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Conti Ransomware Supply Chain Patterns]]> https://safeguard.sh/resources/blog/conti-ransomware-supply-chain-patterns https://safeguard.sh/resources/blog/conti-ransomware-supply-chain-patterns Thu, 18 Apr 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Palo Alto GlobalProtect Zero-Day: Response Timeline]]> https://safeguard.sh/resources/blog/palo-alto-globalprotect-zero-day-response-2024 https://safeguard.sh/resources/blog/palo-alto-globalprotect-zero-day-response-2024 Thu, 18 Apr 2024 12:00:00 GMT Vulnerability Management hi@safeguard.sh (Shadab Khan) <![CDATA[PyPI Package Namespace Governance]]> https://safeguard.sh/resources/blog/pypi-package-namespace-governance https://safeguard.sh/resources/blog/pypi-package-namespace-governance Thu, 18 Apr 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[RubyGems 2FA Enforcement Analysis]]> https://safeguard.sh/resources/blog/rubygems-2fa-enforcement-analysis https://safeguard.sh/resources/blog/rubygems-2fa-enforcement-analysis Thu, 18 Apr 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Sigstore Rekor Transparency Log Operations]]> https://safeguard.sh/resources/blog/sigstore-rekor-transparency-log-operations https://safeguard.sh/resources/blog/sigstore-rekor-transparency-log-operations Thu, 18 Apr 2024 12:00:00 GMT SBOM & Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Black Basta Ransomware: Techniques and Tactics in 2024]]> https://safeguard.sh/resources/blog/black-basta-ransomware-techniques-2024 https://safeguard.sh/resources/blog/black-basta-ransomware-techniques-2024 Thu, 18 Apr 2024 10:00:00 GMT Ransomware hi@safeguard.sh (Shadab Khan) <![CDATA[Insurance Industry Software Risk Assessment and Supply Chain Security]]> https://safeguard.sh/resources/blog/insurance-industry-software-risk-assessment https://safeguard.sh/resources/blog/insurance-industry-software-risk-assessment Thu, 18 Apr 2024 08:00:00 GMT Industry Guides hi@safeguard.sh (James) <![CDATA[UK Product Security and Telecommunications Infrastructure Act: Software Implications]]> https://safeguard.sh/resources/blog/uk-product-security-telecommunications-act https://safeguard.sh/resources/blog/uk-product-security-telecommunications-act Thu, 18 Apr 2024 08:00:00 GMT Compliance hi@safeguard.sh (Yukti Singhal) <![CDATA[Penetration Testing CI/CD Pipelines]]> https://safeguard.sh/resources/blog/penetration-testing-ci-cd-pipelines https://safeguard.sh/resources/blog/penetration-testing-ci-cd-pipelines Thu, 18 Apr 2024 00:00:00 GMT Offensive Security hi@safeguard.sh (Alex) <![CDATA[GCP Cloud Functions Supply Chain Risks]]> https://safeguard.sh/resources/blog/gcp-cloud-functions-supply-chain-risks https://safeguard.sh/resources/blog/gcp-cloud-functions-supply-chain-risks Mon, 15 Apr 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Migrating Jenkins to GitHub Actions: Security]]> https://safeguard.sh/resources/blog/migrating-from-jenkins-to-github-actions-security https://safeguard.sh/resources/blog/migrating-from-jenkins-to-github-actions-security Mon, 15 Apr 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Supply Chain Incident Forensics Playbook]]> https://safeguard.sh/resources/blog/supply-chain-incident-forensics-playbook https://safeguard.sh/resources/blog/supply-chain-incident-forensics-playbook Mon, 15 Apr 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[AWS Lambda Supply Chain Risks You Are Probably Ignoring]]> https://safeguard.sh/resources/blog/aws-lambda-supply-chain-risks https://safeguard.sh/resources/blog/aws-lambda-supply-chain-risks Mon, 15 Apr 2024 10:00:00 GMT Cloud Security hi@safeguard.sh (Nayan Dey) <![CDATA[Managing Third-Party Software Risk With Safeguard TPRM]]> https://safeguard.sh/resources/blog/safeguard-tprm-third-party-risk https://safeguard.sh/resources/blog/safeguard-tprm-third-party-risk Mon, 15 Apr 2024 10:00:00 GMT Product hi@safeguard.sh (Bob) <![CDATA[Sisense Data Breach: When Your Analytics Platform Becomes the Threat]]> https://safeguard.sh/resources/blog/sisense-breach-cisa-advisory https://safeguard.sh/resources/blog/sisense-breach-cisa-advisory Mon, 15 Apr 2024 09:00:00 GMT Incident Analysis hi@safeguard.sh (Michael) <![CDATA[SPDX 3.0: What Changed and Why It Matters]]> https://safeguard.sh/resources/blog/spdx-3-0-specification-what-changed https://safeguard.sh/resources/blog/spdx-3-0-specification-what-changed Mon, 15 Apr 2024 09:00:00 GMT SBOM Standards hi@safeguard.sh (Shadab Khan) <![CDATA[Privacy Engineering in Software Supply Chains]]> https://safeguard.sh/resources/blog/privacy-engineering-supply-chains https://safeguard.sh/resources/blog/privacy-engineering-supply-chains Mon, 15 Apr 2024 00:00:00 GMT Privacy hi@safeguard.sh (Michael) <![CDATA[Australia's Essential Eight and Software Supply Chain]]> https://safeguard.sh/resources/blog/australia-essential-eight-supply-chain https://safeguard.sh/resources/blog/australia-essential-eight-supply-chain Sun, 14 Apr 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Roku Credential Stuffing Attacks Compromise 576,000 Accounts]]> https://safeguard.sh/resources/blog/roku-576000-accounts-credential-stuffing https://safeguard.sh/resources/blog/roku-576000-accounts-credential-stuffing Fri, 12 Apr 2024 14:00:00 GMT Incident Analysis hi@safeguard.sh (Alex) <![CDATA[Go Dependency Visualization for Security]]> https://safeguard.sh/resources/blog/go-dependency-visualization-for-security https://safeguard.sh/resources/blog/go-dependency-visualization-for-security Fri, 12 Apr 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[BuildKit Cache Security Considerations for Container Builds]]> https://safeguard.sh/resources/blog/buildkit-cache-security-considerations https://safeguard.sh/resources/blog/buildkit-cache-security-considerations Fri, 12 Apr 2024 10:00:00 GMT Container Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Envoy Proxy Security Hardening for Production Deployments]]> https://safeguard.sh/resources/blog/envoy-proxy-security-hardening https://safeguard.sh/resources/blog/envoy-proxy-security-hardening Fri, 12 Apr 2024 10:00:00 GMT Infrastructure Security hi@safeguard.sh (Bob) <![CDATA[IoT Firmware SBOMs: From Nice-to-Have to Regulatory Requirement]]> https://safeguard.sh/resources/blog/iot-firmware-sbom-requirements https://safeguard.sh/resources/blog/iot-firmware-sbom-requirements Fri, 12 Apr 2024 09:00:00 GMT Compliance hi@safeguard.sh (Michael) <![CDATA[Palo Alto PAN-OS Zero-Day CVE-2024-3400: Command Injection in GlobalProtect]]> https://safeguard.sh/resources/blog/palo-alto-pan-os-cve-2024-3400-zero-day https://safeguard.sh/resources/blog/palo-alto-pan-os-cve-2024-3400-zero-day Fri, 12 Apr 2024 08:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Alex) <![CDATA[Open-Source Contribution Security Guide]]> https://safeguard.sh/resources/blog/open-source-contribution-security-guide https://safeguard.sh/resources/blog/open-source-contribution-security-guide Fri, 12 Apr 2024 00:00:00 GMT Organizational Security hi@safeguard.sh (Nayan Dey) <![CDATA[Django Security Best Practices, 2024 Edition]]> https://safeguard.sh/resources/blog/django-security-best-practices-2024-edition https://safeguard.sh/resources/blog/django-security-best-practices-2024-edition Wed, 10 Apr 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Compliance Dashboard Design Patterns for Supply Chain Security]]> https://safeguard.sh/resources/blog/compliance-dashboard-design-patterns https://safeguard.sh/resources/blog/compliance-dashboard-design-patterns Wed, 10 Apr 2024 10:00:00 GMT SBOM and Compliance hi@safeguard.sh (Bob) <![CDATA[CISA's Secure by Design Pledge: Voluntary Commitments with Real Teeth]]> https://safeguard.sh/resources/blog/cisa-secure-by-design-pledge https://safeguard.sh/resources/blog/cisa-secure-by-design-pledge Wed, 10 Apr 2024 09:00:00 GMT Policy & Compliance hi@safeguard.sh (Bob) <![CDATA[Bazel Hermetic Builds: Supply Chain Benefits]]> https://safeguard.sh/resources/blog/bazel-hermetic-builds-supply-chain-benefits https://safeguard.sh/resources/blog/bazel-hermetic-builds-supply-chain-benefits Mon, 08 Apr 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[HIPAA Meets HITRUST: Supply Chain Depth]]> https://safeguard.sh/resources/blog/hipaa-meets-hitrust-supply-chain-depth https://safeguard.sh/resources/blog/hipaa-meets-hitrust-supply-chain-depth Mon, 08 Apr 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Kubernetes Network Policies: The Supply Chain Angle]]> https://safeguard.sh/resources/blog/kubernetes-network-policies-supply-chain-angle https://safeguard.sh/resources/blog/kubernetes-network-policies-supply-chain-angle Mon, 08 Apr 2024 12:00:00 GMT Container Security hi@safeguard.sh (Nayan Dey) <![CDATA[PowerShell Module Supply Chain Security]]> https://safeguard.sh/resources/blog/powershell-module-supply-chain-security https://safeguard.sh/resources/blog/powershell-module-supply-chain-security Mon, 08 Apr 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[How Often Should You Scan for Vulnerabilities?]]> https://safeguard.sh/resources/blog/vulnerability-scanning-frequency-guide https://safeguard.sh/resources/blog/vulnerability-scanning-frequency-guide Mon, 08 Apr 2024 10:00:00 GMT Best Practices hi@safeguard.sh (Michael) <![CDATA[WebSocket Security in Modern Applications]]> https://safeguard.sh/resources/blog/websocket-security-modern-applications https://safeguard.sh/resources/blog/websocket-security-modern-applications Mon, 08 Apr 2024 10:00:00 GMT Application Security hi@safeguard.sh (Yukti Singhal) <![CDATA[AI Model Poisoning: Detection Techniques for the Software Supply Chain]]> https://safeguard.sh/resources/blog/ai-model-poisoning-detection-techniques https://safeguard.sh/resources/blog/ai-model-poisoning-detection-techniques Mon, 08 Apr 2024 09:00:00 GMT AI Security hi@safeguard.sh (Bob) <![CDATA[Kubernetes Secrets Management: Vault, Sealed Secrets, SOPS, and External Secrets Compared]]> https://safeguard.sh/resources/blog/kubernetes-secrets-management-comparison https://safeguard.sh/resources/blog/kubernetes-secrets-management-comparison Mon, 08 Apr 2024 00:00:00 GMT Kubernetes Security hi@safeguard.sh (Alex) <![CDATA[Latin America's Evolving Cybersecurity Regulations and Supply Chain Implications]]> https://safeguard.sh/resources/blog/latin-america-cybersecurity-regulations https://safeguard.sh/resources/blog/latin-america-cybersecurity-regulations Mon, 08 Apr 2024 00:00:00 GMT Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[cargo audit vs cargo deny]]> https://safeguard.sh/resources/blog/cargo-audit-vs-cargo-deny-comparison https://safeguard.sh/resources/blog/cargo-audit-vs-cargo-deny-comparison Fri, 05 Apr 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[XZ Utils Backdoor: Technical Breakdown]]> https://safeguard.sh/resources/blog/xz-utils-backdoor-technical-breakdown https://safeguard.sh/resources/blog/xz-utils-backdoor-technical-breakdown Fri, 05 Apr 2024 12:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Prototype Pollution in JavaScript: Prevention Guide]]> https://safeguard.sh/resources/blog/prototype-pollution-javascript-prevention https://safeguard.sh/resources/blog/prototype-pollution-javascript-prevention Fri, 05 Apr 2024 10:00:00 GMT Application Security hi@safeguard.sh (Michael) <![CDATA[Threat Intelligence Feeds for Supply Chain Security]]> https://safeguard.sh/resources/blog/threat-intelligence-feeds-supply-chain https://safeguard.sh/resources/blog/threat-intelligence-feeds-supply-chain Fri, 05 Apr 2024 10:00:00 GMT Threat Intelligence hi@safeguard.sh (Yukti Singhal) <![CDATA[After XZ Utils: Rethinking Trust in Open Source Software]]> https://safeguard.sh/resources/blog/xz-utils-lessons-for-open-source-trust https://safeguard.sh/resources/blog/xz-utils-lessons-for-open-source-trust Fri, 05 Apr 2024 09:00:00 GMT Supply Chain Security hi@safeguard.sh (Bob) <![CDATA[Enterprise SCA Tool Evaluation Framework]]> https://safeguard.sh/resources/blog/enterprise-sca-tool-evaluation-framework https://safeguard.sh/resources/blog/enterprise-sca-tool-evaluation-framework Fri, 05 Apr 2024 08:00:00 GMT Industry Guides hi@safeguard.sh (Bob) <![CDATA[Mend vs Black Duck: Functional Comparison]]> https://safeguard.sh/resources/blog/mend-vs-black-duck-functional-comparison-2024 https://safeguard.sh/resources/blog/mend-vs-black-duck-functional-comparison-2024 Wed, 03 Apr 2024 12:00:00 GMT SBOM & Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Jenkins Pipeline Supply Chain Security]]> https://safeguard.sh/resources/blog/jenkins-pipeline-supply-chain-security https://safeguard.sh/resources/blog/jenkins-pipeline-supply-chain-security Tue, 02 Apr 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Forking Security: What Happens When Open Source Projects Diverge]]> https://safeguard.sh/resources/blog/forking-security-when-projects-diverge https://safeguard.sh/resources/blog/forking-security-when-projects-diverge Tue, 02 Apr 2024 00:00:00 GMT Open Source Security hi@safeguard.sh (Michael) <![CDATA[Safeguard Portal: Giving Your Customers a Window Into Your Supply Chain]]> https://safeguard.sh/resources/blog/safeguard-portal-customer-transparency https://safeguard.sh/resources/blog/safeguard-portal-customer-transparency Mon, 01 Apr 2024 10:00:00 GMT Product hi@safeguard.sh (James) <![CDATA[How One Engineer's Curiosity Saved Linux: The XZ Utils Backdoor Discovery Story]]> https://safeguard.sh/resources/blog/xz-utils-backdoor-how-it-was-discovered https://safeguard.sh/resources/blog/xz-utils-backdoor-how-it-was-discovered Mon, 01 Apr 2024 09:00:00 GMT Supply Chain Security hi@safeguard.sh (James) <![CDATA[PCI DSS 4.0 Software Security Requirements]]> https://safeguard.sh/resources/blog/pci-dss-4-0-software-security-requirements https://safeguard.sh/resources/blog/pci-dss-4-0-software-security-requirements Sun, 31 Mar 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[AT&T Data Breach: 73 Million Customer Records Surface on the Dark Web]]> https://safeguard.sh/resources/blog/att-73-million-records-dark-web https://safeguard.sh/resources/blog/att-73-million-records-dark-web Sat, 30 Mar 2024 14:00:00 GMT Incident Analysis hi@safeguard.sh (Bob) <![CDATA[XZ Utils Backdoor (CVE-2024-3094): The Most Sophisticated Supply Chain Attack Ever Discovered]]> https://safeguard.sh/resources/blog/xz-utils-backdoor-cve-2024-3094-analysis https://safeguard.sh/resources/blog/xz-utils-backdoor-cve-2024-3094-analysis Fri, 29 Mar 2024 08:00:00 GMT Supply Chain Security hi@safeguard.sh (Shadab Khan) <![CDATA[Go Proxy and Private Module Security]]> https://safeguard.sh/resources/blog/go-proxy-private-module-security https://safeguard.sh/resources/blog/go-proxy-private-module-security Thu, 28 Mar 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Ninja Build Supply Chain Considerations]]> https://safeguard.sh/resources/blog/ninja-build-supply-chain-considerations https://safeguard.sh/resources/blog/ninja-build-supply-chain-considerations Thu, 28 Mar 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Splunk Supply Chain Detection Content Pack]]> https://safeguard.sh/resources/blog/splunk-supply-chain-detection-content-pack https://safeguard.sh/resources/blog/splunk-supply-chain-detection-content-pack Thu, 28 Mar 2024 00:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[GCP Cloud Run Supply Chain Security]]> https://safeguard.sh/resources/blog/gcp-cloud-run-supply-chain-security https://safeguard.sh/resources/blog/gcp-cloud-run-supply-chain-security Mon, 25 Mar 2024 12:00:00 GMT Container Security hi@safeguard.sh (Nayan Dey) <![CDATA[GitHub Advanced Security vs Alternatives, Early 2024]]> https://safeguard.sh/resources/blog/github-advanced-security-vs-alternatives-2024 https://safeguard.sh/resources/blog/github-advanced-security-vs-alternatives-2024 Mon, 25 Mar 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Maven Enforcer Plugin Security Rules]]> https://safeguard.sh/resources/blog/maven-enforcer-plugin-security-rules https://safeguard.sh/resources/blog/maven-enforcer-plugin-security-rules Mon, 25 Mar 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[SLSA Build L1 to L3 Migration Playbook]]> https://safeguard.sh/resources/blog/slsa-build-l1-to-l3-migration-playbook https://safeguard.sh/resources/blog/slsa-build-l1-to-l3-migration-playbook Mon, 25 Mar 2024 12:00:00 GMT SBOM & Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Dependency Firewalls: Concept, Architecture, and Implementation]]> https://safeguard.sh/resources/blog/dependency-firewall-concept-implementation https://safeguard.sh/resources/blog/dependency-firewall-concept-implementation Mon, 25 Mar 2024 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (James) <![CDATA[Defense Industrial Base Supply Chain and CMMC]]> https://safeguard.sh/resources/blog/defense-industrial-base-supply-chain-cmmc https://safeguard.sh/resources/blog/defense-industrial-base-supply-chain-cmmc Fri, 22 Mar 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[NestJS Enterprise Security Guide]]> https://safeguard.sh/resources/blog/nest-js-enterprise-security-guide https://safeguard.sh/resources/blog/nest-js-enterprise-security-guide Fri, 22 Mar 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Post-Quantum Cryptography Transition: A Practical Guide for Engineering Teams]]> https://safeguard.sh/resources/blog/post-quantum-cryptography-transition-guide https://safeguard.sh/resources/blog/post-quantum-cryptography-transition-guide Fri, 22 Mar 2024 10:00:00 GMT Emerging Technology hi@safeguard.sh (Yukti Singhal) <![CDATA[Wolfi OS: The Linux Distribution Built for Secure Containers]]> https://safeguard.sh/resources/blog/wolfi-os-container-base-image-security https://safeguard.sh/resources/blog/wolfi-os-container-base-image-security Fri, 22 Mar 2024 00:00:00 GMT Container Security hi@safeguard.sh (Bob) <![CDATA[npm Lifecycle Scripts: The Hidden Attack Surface in Your Node.js Supply Chain]]> https://safeguard.sh/resources/blog/npm-lifecycle-scripts-security-risks https://safeguard.sh/resources/blog/npm-lifecycle-scripts-security-risks Wed, 20 Mar 2024 12:00:00 GMT Supply Chain Security hi@safeguard.sh (Bob) <![CDATA[Rust Build Scripts: A Supply Chain Risk Profile]]> https://safeguard.sh/resources/blog/rust-supply-chain-build-scripts-risk https://safeguard.sh/resources/blog/rust-supply-chain-build-scripts-risk Wed, 20 Mar 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Prisma Cloud Container Security: Palo Alto's Cloud Native Play]]> https://safeguard.sh/resources/blog/prisma-cloud-container-security-review https://safeguard.sh/resources/blog/prisma-cloud-container-security-review Wed, 20 Mar 2024 00:00:00 GMT Tool Reviews hi@safeguard.sh (Alex) <![CDATA[AWS Lambda Layers: Supply Chain Risks]]> https://safeguard.sh/resources/blog/aws-lambda-layers-supply-chain-risks https://safeguard.sh/resources/blog/aws-lambda-layers-supply-chain-risks Mon, 18 Mar 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Okta 2022-2023 Incidents: Supply Chain Lessons]]> https://safeguard.sh/resources/blog/okta-2022-2023-incidents-supply-chain-lessons https://safeguard.sh/resources/blog/okta-2022-2023-incidents-supply-chain-lessons Mon, 18 Mar 2024 12:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Single-Maintainer Bus Factor Risk in OSS]]> https://safeguard.sh/resources/blog/open-source-single-maintainer-bus-factor-risk https://safeguard.sh/resources/blog/open-source-single-maintainer-bus-factor-risk Mon, 18 Mar 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[SOC 2 Meets SSDF: A Practical Mapping]]> https://safeguard.sh/resources/blog/soc2-meets-ssdf-mapping-practical https://safeguard.sh/resources/blog/soc2-meets-ssdf-mapping-practical Mon, 18 Mar 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Cloud Security Posture Management: A No-Nonsense Guide]]> https://safeguard.sh/resources/blog/cloud-security-posture-management-guide https://safeguard.sh/resources/blog/cloud-security-posture-management-guide Mon, 18 Mar 2024 10:00:00 GMT Cloud Security hi@safeguard.sh (Alex) <![CDATA[Node.js Permission Model: Restricting What Your Code Can Do]]> https://safeguard.sh/resources/blog/nodejs-permission-model https://safeguard.sh/resources/blog/nodejs-permission-model Mon, 18 Mar 2024 10:00:00 GMT Secure Development hi@safeguard.sh (Alex) <![CDATA[GitHub's Supply Chain Security Features]]> https://safeguard.sh/resources/blog/github-supply-chain-security-features https://safeguard.sh/resources/blog/github-supply-chain-security-features Mon, 18 Mar 2024 00:00:00 GMT Case Studies hi@safeguard.sh (Shadab Khan) <![CDATA[Where Technical Debt Meets Security Debt]]> https://safeguard.sh/resources/blog/technical-debt-security-debt-intersection https://safeguard.sh/resources/blog/technical-debt-security-debt-intersection Mon, 18 Mar 2024 00:00:00 GMT Risk Management hi@safeguard.sh (Bob) <![CDATA[Vault Supply Chain Integration Patterns]]> https://safeguard.sh/resources/blog/hashicorp-vault-supply-chain-integration-patterns https://safeguard.sh/resources/blog/hashicorp-vault-supply-chain-integration-patterns Fri, 15 Mar 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Ruby Gem Reserved Names Policy]]> https://safeguard.sh/resources/blog/ruby-gem-reserved-names-policy https://safeguard.sh/resources/blog/ruby-gem-reserved-names-policy Fri, 15 Mar 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[ESSCM: Enterprise SBOM Management at Scale]]> https://safeguard.sh/resources/blog/safeguard-esscm-enterprise-sbom-management https://safeguard.sh/resources/blog/safeguard-esscm-enterprise-sbom-management Fri, 15 Mar 2024 10:00:00 GMT Product hi@safeguard.sh (Nayan Dey) <![CDATA[NIST NVD Slowdown: What the Vulnerability Enrichment Backlog Means for Security Teams]]> https://safeguard.sh/resources/blog/nist-nvd-slowdown-vulnerability-enrichment https://safeguard.sh/resources/blog/nist-nvd-slowdown-vulnerability-enrichment Fri, 15 Mar 2024 09:00:00 GMT Industry Analysis hi@safeguard.sh (James) <![CDATA[Security Testing for Data Pipelines: A Practical Guide]]> https://safeguard.sh/resources/blog/security-testing-data-pipelines https://safeguard.sh/resources/blog/security-testing-data-pipelines Fri, 15 Mar 2024 09:00:00 GMT AppSec hi@safeguard.sh (Bob) <![CDATA[PyPI Account Recovery: A Security Model Review]]> https://safeguard.sh/resources/blog/pypi-account-recovery-security-model https://safeguard.sh/resources/blog/pypi-account-recovery-security-model Thu, 14 Mar 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Azure Functions Supply Chain Security]]> https://safeguard.sh/resources/blog/azure-functions-supply-chain-security https://safeguard.sh/resources/blog/azure-functions-supply-chain-security Tue, 12 Mar 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Chocolatey Package Security on Windows: What You Need to Know]]> https://safeguard.sh/resources/blog/chocolatey-package-security-windows https://safeguard.sh/resources/blog/chocolatey-package-security-windows Tue, 12 Mar 2024 10:00:00 GMT Supply Chain Security hi@safeguard.sh (James) <![CDATA[.NET Trimming Security Implications: What Gets Cut and Why It Matters]]> https://safeguard.sh/resources/blog/dotnet-trimming-security-implications https://safeguard.sh/resources/blog/dotnet-trimming-security-implications Tue, 12 Mar 2024 10:00:00 GMT Application Security hi@safeguard.sh (Alex) <![CDATA[Security Architecture Review Process: A Practical Framework]]> https://safeguard.sh/resources/blog/security-architecture-review-process https://safeguard.sh/resources/blog/security-architecture-review-process Tue, 12 Mar 2024 10:00:00 GMT Security Operations hi@safeguard.sh (Michael) <![CDATA[Energy Sector Software Security and NERC CIP Compliance]]> https://safeguard.sh/resources/blog/energy-sector-software-security-nerc-cip https://safeguard.sh/resources/blog/energy-sector-software-security-nerc-cip Tue, 12 Mar 2024 09:00:00 GMT Industry Guides hi@safeguard.sh (Michael) <![CDATA[Endor Labs SCA Review: Reachability Analysis Changes the Game]]> https://safeguard.sh/resources/blog/endor-labs-sca-platform-review https://safeguard.sh/resources/blog/endor-labs-sca-platform-review Tue, 12 Mar 2024 00:00:00 GMT Tool Reviews hi@safeguard.sh (Nayan Dey) <![CDATA[Flutter and Dart Dependency Security: A Practical Guide]]> https://safeguard.sh/resources/blog/flutter-dart-dependency-security-guide https://safeguard.sh/resources/blog/flutter-dart-dependency-security-guide Tue, 12 Mar 2024 00:00:00 GMT Developer Security hi@safeguard.sh (Shadab Khan) <![CDATA[CISA Secure Software Development Attestation: What Vendors Must Know]]> https://safeguard.sh/resources/blog/cisa-secure-software-development-attestation https://safeguard.sh/resources/blog/cisa-secure-software-development-attestation Mon, 11 Mar 2024 09:00:00 GMT Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[CISA KEV Catalog Growth: A 2024 Q1 Analysis]]> https://safeguard.sh/resources/blog/cisa-kev-catalog-growth-analysis-2024 https://safeguard.sh/resources/blog/cisa-kev-catalog-growth-analysis-2024 Sun, 10 Mar 2024 12:00:00 GMT Vulnerability Management hi@safeguard.sh (Nayan Dey) <![CDATA[.NET 8 Supply Chain Improvements]]> https://safeguard.sh/resources/blog/dotnet-8-supply-chain-improvements https://safeguard.sh/resources/blog/dotnet-8-supply-chain-improvements Sun, 10 Mar 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Kubernetes CVE-2024-3177: Bypassing Mountable Secrets Policy]]> https://safeguard.sh/resources/blog/kubernetes-vulnerability-cve-2024-3177 https://safeguard.sh/resources/blog/kubernetes-vulnerability-cve-2024-3177 Sun, 10 Mar 2024 09:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[BianLian's Pivot: From Ransomware Encryption to Pure Data Extortion]]> https://safeguard.sh/resources/blog/bianlian-ransomware-data-extortion-evolution https://safeguard.sh/resources/blog/bianlian-ransomware-data-extortion-evolution Sun, 10 Mar 2024 00:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[CI/CD Compromise Investigation Steps]]> https://safeguard.sh/resources/blog/ci-cd-compromise-investigation-steps https://safeguard.sh/resources/blog/ci-cd-compromise-investigation-steps Fri, 08 Mar 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[How to Publish an npm Package With Provenance]]> https://safeguard.sh/resources/blog/how-to-publish-npm-package-with-provenance https://safeguard.sh/resources/blog/how-to-publish-npm-package-with-provenance Fri, 08 Mar 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Tekton Pipelines Hardening Guide]]> https://safeguard.sh/resources/blog/tekton-pipelines-hardening-guide https://safeguard.sh/resources/blog/tekton-pipelines-hardening-guide Fri, 08 Mar 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[VM to Container: Supply Chain Implications of the Migration]]> https://safeguard.sh/resources/blog/vm-to-container-supply-chain-implications https://safeguard.sh/resources/blog/vm-to-container-supply-chain-implications Fri, 08 Mar 2024 12:00:00 GMT Container Security hi@safeguard.sh (Nayan Dey) <![CDATA[Certificate Pinning for Software Updates: When and How to Pin]]> https://safeguard.sh/resources/blog/certificate-pinning-software-updates https://safeguard.sh/resources/blog/certificate-pinning-software-updates Fri, 08 Mar 2024 10:00:00 GMT Application Security hi@safeguard.sh (Nayan Dey) <![CDATA[Mobile Application Security Testing: Beyond the OWASP Mobile Top 10]]> https://safeguard.sh/resources/blog/mobile-application-security-testing https://safeguard.sh/resources/blog/mobile-application-security-testing Fri, 08 Mar 2024 00:00:00 GMT Application Security hi@safeguard.sh (Alex) <![CDATA[Security KPI Frameworks: Measuring What Matters Without Drowning in Metrics]]> https://safeguard.sh/resources/blog/security-kpi-frameworks-guide https://safeguard.sh/resources/blog/security-kpi-frameworks-guide Fri, 08 Mar 2024 00:00:00 GMT Security Management hi@safeguard.sh (Michael) <![CDATA[Fintech Software Supply Chain Regulatory Map]]> https://safeguard.sh/resources/blog/fintech-software-supply-chain-regulatory-map https://safeguard.sh/resources/blog/fintech-software-supply-chain-regulatory-map Tue, 05 Mar 2024 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Kubernetes Secrets Encryption Providers Reviewed]]> https://safeguard.sh/resources/blog/kubernetes-secrets-encryption-providers-review https://safeguard.sh/resources/blog/kubernetes-secrets-encryption-providers-review Tue, 05 Mar 2024 12:00:00 GMT Container Security hi@safeguard.sh (Nayan Dey) <![CDATA[Abandoned Package Takeover: When Maintainers Walk Away]]> https://safeguard.sh/resources/blog/abandoned-package-takeover-risks https://safeguard.sh/resources/blog/abandoned-package-takeover-risks Tue, 05 Mar 2024 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Michael) <![CDATA[Capacitor and Ionic Hybrid App Security: A Practical Guide]]> https://safeguard.sh/resources/blog/capacitor-ionic-hybrid-app-security https://safeguard.sh/resources/blog/capacitor-ionic-hybrid-app-security Tue, 05 Mar 2024 10:00:00 GMT Application Security hi@safeguard.sh (Shadab Khan) <![CDATA[Crates.io Security Audit Results: The State of Rust Package Security]]> https://safeguard.sh/resources/blog/crates-io-security-audit-results https://safeguard.sh/resources/blog/crates-io-security-audit-results Tue, 05 Mar 2024 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Alex) <![CDATA[Software Liability in 2024: The Shift From Caveat Emptor to Vendor Accountability]]> https://safeguard.sh/resources/blog/software-liability-shifting-landscape-2024 https://safeguard.sh/resources/blog/software-liability-shifting-landscape-2024 Tue, 05 Mar 2024 09:00:00 GMT Policy & Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Argo CD GitOps Security Guide]]> https://safeguard.sh/resources/blog/argo-cd-gitops-security-guide https://safeguard.sh/resources/blog/argo-cd-gitops-security-guide Tue, 05 Mar 2024 00:00:00 GMT DevSecOps hi@safeguard.sh (Alex) <![CDATA[Securing Software Update Mechanisms]]> https://safeguard.sh/resources/blog/software-update-mechanism-security https://safeguard.sh/resources/blog/software-update-mechanism-security Tue, 05 Mar 2024 00:00:00 GMT Supply Chain Security hi@safeguard.sh (Nayan Dey) <![CDATA[Introducing Safeguard: Software Supply Chain Security, Done Right]]> https://safeguard.sh/resources/blog/introducing-safeguard-software-supply-chain-security https://safeguard.sh/resources/blog/introducing-safeguard-software-supply-chain-security Fri, 01 Mar 2024 10:00:00 GMT Company hi@safeguard.sh (Yukti Singhal) <![CDATA[AWS SAM Template Security Considerations]]> https://safeguard.sh/resources/blog/aws-sam-template-security-considerations https://safeguard.sh/resources/blog/aws-sam-template-security-considerations Wed, 28 Feb 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[How to Set Up Sigstore in Your Build Pipeline]]> https://safeguard.sh/resources/blog/how-to-set-up-sigstore-in-your-build-pipeline https://safeguard.sh/resources/blog/how-to-set-up-sigstore-in-your-build-pipeline Wed, 28 Feb 2024 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Lazarus Group Software Supply Chain Campaigns]]> https://safeguard.sh/resources/blog/lazarus-group-software-supply-chain-campaigns https://safeguard.sh/resources/blog/lazarus-group-software-supply-chain-campaigns Wed, 28 Feb 2024 12:00:00 GMT Industry Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[LockBit Takedown: Inside Operation Cronos]]> https://safeguard.sh/resources/blog/lockbit-takedown-operation-cronos-analysis https://safeguard.sh/resources/blog/lockbit-takedown-operation-cronos-analysis Wed, 28 Feb 2024 12:00:00 GMT Incident Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Multi-Cloud Security Posture Management for Supply Chains]]> https://safeguard.sh/resources/blog/multi-cloud-security-posture-management https://safeguard.sh/resources/blog/multi-cloud-security-posture-management Wed, 28 Feb 2024 11:00:00 GMT Cloud Security hi@safeguard.sh (Shadab Khan) <![CDATA[Building a Security Champions Program]]> https://safeguard.sh/resources/blog/security-champions-program-building-guide https://safeguard.sh/resources/blog/security-champions-program-building-guide Wed, 28 Feb 2024 09:00:00 GMT How-To Guide hi@safeguard.sh (Yukti Singhal) <![CDATA[Building a Software Vendor Security Scorecard]]> https://safeguard.sh/resources/blog/software-vendor-security-scorecard https://safeguard.sh/resources/blog/software-vendor-security-scorecard Wed, 28 Feb 2024 09:00:00 GMT Risk Management hi@safeguard.sh (James) <![CDATA[Earthly Reproducible Builds and Security]]> https://safeguard.sh/resources/blog/earthly-reproducible-builds-security https://safeguard.sh/resources/blog/earthly-reproducible-builds-security Wed, 28 Feb 2024 00:00:00 GMT DevSecOps hi@safeguard.sh (Bob) <![CDATA[CISA's Memory-Safe Languages Roadmap: What It Means for Software Development]]> https://safeguard.sh/resources/blog/cisa-memory-safe-languages-roadmap https://safeguard.sh/resources/blog/cisa-memory-safe-languages-roadmap Mon, 26 Feb 2024 12:00:00 GMT Compliance & Frameworks hi@safeguard.sh (Shadab Khan) <![CDATA[NIST Cybersecurity Framework 2.0: What Changed and Why It Matters]]> https://safeguard.sh/resources/blog/nist-cybersecurity-framework-2-0-guide https://safeguard.sh/resources/blog/nist-cybersecurity-framework-2-0-guide Mon, 26 Feb 2024 10:00:00 GMT Compliance hi@safeguard.sh (Yukti Singhal) <![CDATA[NuGet Package Signing: Enterprise Rollout]]> https://safeguard.sh/resources/blog/nuget-package-signing-enterprise-rollout https://safeguard.sh/resources/blog/nuget-package-signing-enterprise-rollout Sun, 25 Feb 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Poetry and Python Supply Chain Security]]> https://safeguard.sh/resources/blog/python-poetry-supply-chain-security https://safeguard.sh/resources/blog/python-poetry-supply-chain-security Thu, 22 Feb 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[PDF Supply Chain Attack Vectors: When Documents Become Weapons]]> https://safeguard.sh/resources/blog/pdf-supply-chain-attack-vectors https://safeguard.sh/resources/blog/pdf-supply-chain-attack-vectors Thu, 22 Feb 2024 10:00:00 GMT Vulnerability Management hi@safeguard.sh (James) <![CDATA[Change Healthcare Breach: The Worst Healthcare Data Breach in U.S. History]]> https://safeguard.sh/resources/blog/unitedhealth-change-healthcare-breach https://safeguard.sh/resources/blog/unitedhealth-change-healthcare-breach Wed, 21 Feb 2024 14:00:00 GMT Incident Analysis hi@safeguard.sh (James) <![CDATA[Change Healthcare Ransomware Attack: The Breach That Disrupted American Healthcare]]> https://safeguard.sh/resources/blog/change-healthcare-ransomware-attack https://safeguard.sh/resources/blog/change-healthcare-ransomware-attack Wed, 21 Feb 2024 10:00:00 GMT Incident Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Operation Cronos: How Law Enforcement Dismantled LockBit Ransomware]]> https://safeguard.sh/resources/blog/lockbit-ransomware-takedown-operation-cronos https://safeguard.sh/resources/blog/lockbit-ransomware-takedown-operation-cronos Tue, 20 Feb 2024 11:00:00 GMT Threat Intelligence hi@safeguard.sh (Yukti Singhal) <![CDATA[Dependency Confusion in Private Registries: The Attack That Keeps Working]]> https://safeguard.sh/resources/blog/dependency-confusion-private-registries https://safeguard.sh/resources/blog/dependency-confusion-private-registries Tue, 20 Feb 2024 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Michael) <![CDATA[Security Awareness Training That Developers Don't Hate]]> https://safeguard.sh/resources/blog/security-awareness-training-developers https://safeguard.sh/resources/blog/security-awareness-training-developers Tue, 20 Feb 2024 10:00:00 GMT Best Practices hi@safeguard.sh (Bob) <![CDATA[SBOMs for Microservices Architecture: Managing Complexity at Scale]]> https://safeguard.sh/resources/blog/sbom-for-microservices-architecture https://safeguard.sh/resources/blog/sbom-for-microservices-architecture Tue, 20 Feb 2024 00:00:00 GMT SBOM hi@safeguard.sh (Alex) <![CDATA[Shopify's Supply Chain Security Program]]> https://safeguard.sh/resources/blog/shopify-supply-chain-security-program https://safeguard.sh/resources/blog/shopify-supply-chain-security-program Tue, 20 Feb 2024 00:00:00 GMT Case Studies hi@safeguard.sh (Michael) <![CDATA[Fortinet FortiOS CVE-2024-21762: Exploitation Patterns]]> https://safeguard.sh/resources/blog/fortinet-fortios-cve-2024-21762-exploitation https://safeguard.sh/resources/blog/fortinet-fortios-cve-2024-21762-exploitation Sun, 18 Feb 2024 12:00:00 GMT Vulnerability Management hi@safeguard.sh (Shadab Khan) <![CDATA[gVisor Runtime Security Deep Dive]]> https://safeguard.sh/resources/blog/gvisor-runtime-security-deep-dive https://safeguard.sh/resources/blog/gvisor-runtime-security-deep-dive Sun, 18 Feb 2024 12:00:00 GMT Container Security hi@safeguard.sh (Nayan Dey) <![CDATA[NYDFS Cybersecurity Regulation: Software Security Requirements for Financial Firms]]> https://safeguard.sh/resources/blog/nydfs-cybersecurity-regulation-software https://safeguard.sh/resources/blog/nydfs-cybersecurity-regulation-software Sun, 18 Feb 2024 09:00:00 GMT Compliance hi@safeguard.sh (Alex) <![CDATA[Supply Chain Incident Notification Laws: A Global Overview]]> https://safeguard.sh/resources/blog/supply-chain-incident-notification-laws https://safeguard.sh/resources/blog/supply-chain-incident-notification-laws Sun, 18 Feb 2024 09:00:00 GMT Compliance hi@safeguard.sh (Alex) <![CDATA[Semgrep vs CodeQL: Static Analysis for Security Teams]]> https://safeguard.sh/resources/blog/semgrep-codeql-sast-comparison https://safeguard.sh/resources/blog/semgrep-codeql-sast-comparison Sun, 18 Feb 2024 00:00:00 GMT Tool Comparisons hi@safeguard.sh (Alex) <![CDATA[XML External Entity (XXE) Prevention: Disabling the Features That Attack You]]> https://safeguard.sh/resources/blog/xml-external-entity-xxe-prevention https://safeguard.sh/resources/blog/xml-external-entity-xxe-prevention Sun, 18 Feb 2024 00:00:00 GMT Code Security hi@safeguard.sh (Bob) <![CDATA[How to Enforce Cosign Signatures in Kubernetes Admission]]> https://safeguard.sh/resources/blog/how-to-enforce-cosign-signatures-in-kubernetes-admission https://safeguard.sh/resources/blog/how-to-enforce-cosign-signatures-in-kubernetes-admission Thu, 15 Feb 2024 12:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[.NET NuGet Package Security]]> https://safeguard.sh/resources/blog/dotnet-nuget-package-security https://safeguard.sh/resources/blog/dotnet-nuget-package-security Thu, 15 Feb 2024 10:00:00 GMT Dependency Security hi@safeguard.sh (Alex) <![CDATA[Media and Entertainment Software Supply Chain Security]]> https://safeguard.sh/resources/blog/media-entertainment-software-supply-chain https://safeguard.sh/resources/blog/media-entertainment-software-supply-chain Thu, 15 Feb 2024 10:00:00 GMT Industry Guides hi@safeguard.sh (Nayan Dey) <![CDATA[Why We Built Safeguard]]> https://safeguard.sh/resources/blog/why-we-built-safeguard https://safeguard.sh/resources/blog/why-we-built-safeguard Thu, 15 Feb 2024 10:00:00 GMT Company hi@safeguard.sh (Shadab Khan) <![CDATA[Azure Managed Identities and the Supply Chain]]> https://safeguard.sh/resources/blog/azure-managed-identities-supply-chain https://safeguard.sh/resources/blog/azure-managed-identities-supply-chain Wed, 14 Feb 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Bank of America Breach via Infosys McCamish Exposes 57,000 Customers]]> https://safeguard.sh/resources/blog/bank-of-america-infosys-mccamish-breach https://safeguard.sh/resources/blog/bank-of-america-infosys-mccamish-breach Mon, 12 Feb 2024 14:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Multi-Stage Docker Builds: The Security Implications Nobody Talks About]]> https://safeguard.sh/resources/blog/multi-stage-docker-builds-security https://safeguard.sh/resources/blog/multi-stage-docker-builds-security Mon, 12 Feb 2024 10:00:00 GMT DevSecOps hi@safeguard.sh (Alex) <![CDATA[Service Worker Security Risks: The Persistent Threat in Your Browser]]> https://safeguard.sh/resources/blog/service-worker-security-risks https://safeguard.sh/resources/blog/service-worker-security-risks Mon, 12 Feb 2024 10:00:00 GMT Application Security hi@safeguard.sh (Shadab Khan) <![CDATA[Compliance as Code: Implementation Guide for Security Teams]]> https://safeguard.sh/resources/blog/compliance-as-code-implementation-guide https://safeguard.sh/resources/blog/compliance-as-code-implementation-guide Mon, 12 Feb 2024 09:00:00 GMT Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[go mod tidy: The Security Implications]]> https://safeguard.sh/resources/blog/go-mod-tidy-security-implications https://safeguard.sh/resources/blog/go-mod-tidy-security-implications Sat, 10 Feb 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[npm Package Visibility Audit Techniques]]> https://safeguard.sh/resources/blog/npm-package-visibility-audit-techniques https://safeguard.sh/resources/blog/npm-package-visibility-audit-techniques Sat, 10 Feb 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[SBOMs for AI/ML Models: Why Machine Learning Needs a Bill of Materials]]> https://safeguard.sh/resources/blog/sbom-for-ai-ml-models-emerging-standards https://safeguard.sh/resources/blog/sbom-for-ai-ml-models-emerging-standards Sat, 10 Feb 2024 09:00:00 GMT SBOM & Standards hi@safeguard.sh (Michael) <![CDATA[Remix Framework Security Deep Dive]]> https://safeguard.sh/resources/blog/remix-framework-security-deep-dive https://safeguard.sh/resources/blog/remix-framework-security-deep-dive Thu, 08 Feb 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Building vs Buying Security Tools: Making the Right Call]]> https://safeguard.sh/resources/blog/building-vs-buying-security-tools https://safeguard.sh/resources/blog/building-vs-buying-security-tools Thu, 08 Feb 2024 10:00:00 GMT Security Strategy hi@safeguard.sh (Yukti Singhal) <![CDATA[Government Contractor SBOM Compliance: Meeting Federal Requirements]]> https://safeguard.sh/resources/blog/government-contractor-sbom-compliance https://safeguard.sh/resources/blog/government-contractor-sbom-compliance Thu, 08 Feb 2024 08:00:00 GMT Industry Guides hi@safeguard.sh (James) <![CDATA[Green Software and Security: When Sustainability Meets Supply Chain Risk]]> https://safeguard.sh/resources/blog/green-software-security-sustainability https://safeguard.sh/resources/blog/green-software-security-sustainability Thu, 08 Feb 2024 08:00:00 GMT Industry Trends hi@safeguard.sh (Shadab Khan) <![CDATA[Software Updates in Air-Gapped Environments: Security Without Connectivity]]> https://safeguard.sh/resources/blog/air-gapped-environment-software-updates https://safeguard.sh/resources/blog/air-gapped-environment-software-updates Thu, 08 Feb 2024 00:00:00 GMT Infrastructure Security hi@safeguard.sh (Yukti Singhal) <![CDATA[The Annual Vendor Security Review Cadence]]> https://safeguard.sh/resources/blog/annual-vendor-security-review-cadence https://safeguard.sh/resources/blog/annual-vendor-security-review-cadence Tue, 06 Feb 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Privilege Escalation in Web Applications: Attacks and Defenses]]> https://safeguard.sh/resources/blog/privilege-escalation-web-applications https://safeguard.sh/resources/blog/privilege-escalation-web-applications Mon, 05 Feb 2024 10:00:00 GMT Web Security hi@safeguard.sh (James) <![CDATA[Secure Development Environment Setup: A Practical Guide]]> https://safeguard.sh/resources/blog/secure-development-environment-setup https://safeguard.sh/resources/blog/secure-development-environment-setup Mon, 05 Feb 2024 10:00:00 GMT DevSecOps hi@safeguard.sh (Bob) <![CDATA[South Korea's Cybersecurity Regulations and Software Supply Chain Requirements]]> https://safeguard.sh/resources/blog/south-korea-cybersecurity-regulations https://safeguard.sh/resources/blog/south-korea-cybersecurity-regulations Mon, 05 Feb 2024 09:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[AnyDesk Production Systems Compromised: Code Signing Certificates Stolen]]> https://safeguard.sh/resources/blog/anydesk-production-systems-compromised https://safeguard.sh/resources/blog/anydesk-production-systems-compromised Fri, 02 Feb 2024 10:00:00 GMT Incident Analysis hi@safeguard.sh (Alex) <![CDATA[Cloudflare's Thanksgiving 2023 Breach: How Okta Credentials Led to a Nation-State Intrusion]]> https://safeguard.sh/resources/blog/cloudflare-thanksgiving-2023-breach-okta https://safeguard.sh/resources/blog/cloudflare-thanksgiving-2023-breach-okta Thu, 01 Feb 2024 09:00:00 GMT Incident Analysis hi@safeguard.sh (Michael) <![CDATA[Secure Boot UEFI and Software Supply Chain Links]]> https://safeguard.sh/resources/blog/secure-boot-uefi-software-supply-chain-links https://safeguard.sh/resources/blog/secure-boot-uefi-software-supply-chain-links Tue, 30 Jan 2024 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[SBOMs for Defense Contractors: Aligning with CMMC and DoD Requirements]]> https://safeguard.sh/resources/blog/sbom-for-defense-contractors-cmmc https://safeguard.sh/resources/blog/sbom-for-defense-contractors-cmmc Sun, 28 Jan 2024 10:00:00 GMT Compliance hi@safeguard.sh (Alex) <![CDATA[YAML Deserialization Attacks and How to Prevent Them]]> https://safeguard.sh/resources/blog/yaml-deserialization-attacks-prevention https://safeguard.sh/resources/blog/yaml-deserialization-attacks-prevention Sun, 28 Jan 2024 10:00:00 GMT Application Security hi@safeguard.sh (Alex) <![CDATA[Vite and Turbopack: Security Considerations for Next-Gen Build Tools]]> https://safeguard.sh/resources/blog/vite-turbopack-build-security https://safeguard.sh/resources/blog/vite-turbopack-build-security Sun, 28 Jan 2024 09:00:00 GMT AppSec hi@safeguard.sh (Shadab Khan) <![CDATA[SBOM for Fintech Startups: Compliance and Security from Day One]]> https://safeguard.sh/resources/blog/sbom-for-fintech-startups https://safeguard.sh/resources/blog/sbom-for-fintech-startups Sun, 28 Jan 2024 00:00:00 GMT SBOM hi@safeguard.sh (Bob) <![CDATA[Midnight Blizzard and the Microsoft Email Breach]]> https://safeguard.sh/resources/blog/midnight-blizzard-microsoft-email-breach-analysis https://safeguard.sh/resources/blog/midnight-blizzard-microsoft-email-breach-analysis Thu, 25 Jan 2024 12:00:00 GMT Incident Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Auditing AI-Generated Code: A Practical Security Guide]]> https://safeguard.sh/resources/blog/ai-code-generation-security-audit-guide https://safeguard.sh/resources/blog/ai-code-generation-security-audit-guide Thu, 25 Jan 2024 09:00:00 GMT AppSec hi@safeguard.sh (Alex) <![CDATA[SBOM API Integration Patterns for Development Teams]]> https://safeguard.sh/resources/blog/sbom-api-integration-patterns https://safeguard.sh/resources/blog/sbom-api-integration-patterns Thu, 25 Jan 2024 00:00:00 GMT SBOM hi@safeguard.sh (Bob) <![CDATA[Trello API Scraping Exposes 15 Million User Accounts]]> https://safeguard.sh/resources/blog/trello-15-million-accounts-exposed https://safeguard.sh/resources/blog/trello-15-million-accounts-exposed Mon, 22 Jan 2024 14:00:00 GMT Incident Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Netflix's Open-Source Security Approach]]> https://safeguard.sh/resources/blog/netflix-open-source-security-approach https://safeguard.sh/resources/blog/netflix-open-source-security-approach Mon, 22 Jan 2024 00:00:00 GMT Case Studies hi@safeguard.sh (James) <![CDATA[npm audit vs pnpm audit vs yarn audit]]> https://safeguard.sh/resources/blog/npm-audit-vs-pnpm-audit-vs-yarn-audit https://safeguard.sh/resources/blog/npm-audit-vs-pnpm-audit-vs-yarn-audit Sat, 20 Jan 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Manufacturing OT Software Supply Chain: Securing the Factory Floor]]> https://safeguard.sh/resources/blog/manufacturing-ot-software-supply-chain https://safeguard.sh/resources/blog/manufacturing-ot-software-supply-chain Sat, 20 Jan 2024 10:00:00 GMT Industry Guides hi@safeguard.sh (Alex) <![CDATA[React Application Security Guide]]> https://safeguard.sh/resources/blog/react-application-security-guide https://safeguard.sh/resources/blog/react-application-security-guide Sat, 20 Jan 2024 10:00:00 GMT Application Security hi@safeguard.sh (Bob) <![CDATA[Microsoft Breached by Midnight Blizzard: Russian Hackers Read Executive Emails]]> https://safeguard.sh/resources/blog/microsoft-midnight-blizzard-email-breach https://safeguard.sh/resources/blog/microsoft-midnight-blizzard-email-breach Fri, 19 Jan 2024 14:00:00 GMT Incident Analysis hi@safeguard.sh (Yukti Singhal) <![CDATA[Midnight Blizzard Breaches Microsoft: What the Exchange Online Attack Means for Everyone]]> https://safeguard.sh/resources/blog/midnight-blizzard-microsoft-exchange-breach https://safeguard.sh/resources/blog/midnight-blizzard-microsoft-exchange-breach Fri, 19 Jan 2024 10:00:00 GMT Threat Intelligence hi@safeguard.sh (Nayan Dey) <![CDATA[Veracode SCA: Mature Application Security Meets Dependency Scanning]]> https://safeguard.sh/resources/blog/veracode-sca-platform-overview https://safeguard.sh/resources/blog/veracode-sca-platform-overview Thu, 18 Jan 2024 00:00:00 GMT Tool Reviews hi@safeguard.sh (Michael) <![CDATA[How to Detect Typosquatting in Package Installs]]> https://safeguard.sh/resources/blog/how-to-detect-typosquatting-in-package-installs https://safeguard.sh/resources/blog/how-to-detect-typosquatting-in-package-installs Mon, 15 Jan 2024 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Software Component Lifecycle Management]]> https://safeguard.sh/resources/blog/software-component-lifecycle-management https://safeguard.sh/resources/blog/software-component-lifecycle-management Mon, 15 Jan 2024 11:00:00 GMT Lifecycle Management hi@safeguard.sh (Yukti Singhal) <![CDATA[How to Security Audit an Open Source Project Before Adoption]]> https://safeguard.sh/resources/blog/open-source-project-security-audit-guide https://safeguard.sh/resources/blog/open-source-project-security-audit-guide Mon, 15 Jan 2024 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Bun Runtime Security Considerations: Speed vs. Safety Trade-offs]]> https://safeguard.sh/resources/blog/bun-runtime-security-considerations https://safeguard.sh/resources/blog/bun-runtime-security-considerations Sun, 14 Jan 2024 10:00:00 GMT Secure Development hi@safeguard.sh (Bob) <![CDATA[Akira Ransomware: Exploiting VPN Vulnerabilities for Supply Chain Entry]]> https://safeguard.sh/resources/blog/akira-ransomware-supply-chain-entry https://safeguard.sh/resources/blog/akira-ransomware-supply-chain-entry Fri, 12 Jan 2024 10:00:00 GMT Ransomware hi@safeguard.sh (Nayan Dey) <![CDATA[AWS ECR Image Scanning: A Deep Dive Into What It Catches and What It Misses]]> https://safeguard.sh/resources/blog/aws-ecr-image-scanning-deep-dive https://safeguard.sh/resources/blog/aws-ecr-image-scanning-deep-dive Fri, 12 Jan 2024 10:00:00 GMT Cloud Security hi@safeguard.sh (Bob) <![CDATA[Express and Node.js Security Hardening]]> https://safeguard.sh/resources/blog/express-nodejs-security-hardening https://safeguard.sh/resources/blog/express-nodejs-security-hardening Fri, 12 Jan 2024 10:00:00 GMT Application Security hi@safeguard.sh (James) <![CDATA[Platform Engineering and Security: Building Guardrails, Not Gates]]> https://safeguard.sh/resources/blog/platform-engineering-security-integration https://safeguard.sh/resources/blog/platform-engineering-security-integration Fri, 12 Jan 2024 10:00:00 GMT Industry Trends hi@safeguard.sh (James) <![CDATA[Vulnerability SLA Compliance Tracking That Actually Works]]> https://safeguard.sh/resources/blog/vulnerability-sla-compliance-tracking https://safeguard.sh/resources/blog/vulnerability-sla-compliance-tracking Fri, 12 Jan 2024 10:00:00 GMT Vulnerability Management hi@safeguard.sh (Nayan Dey) <![CDATA[Ivanti Connect Secure Zero-Day: CVE-2024-21887 and CVE-2023-46805 Exploited in the Wild]]> https://safeguard.sh/resources/blog/ivanti-connect-secure-cve-2024-21887-zero-day https://safeguard.sh/resources/blog/ivanti-connect-secure-cve-2024-21887-zero-day Wed, 10 Jan 2024 09:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Yukti Singhal) <![CDATA[Ansible Galaxy Security Risks: The Infrastructure Supply Chain You Forgot About]]> https://safeguard.sh/resources/blog/ansible-galaxy-security-risks https://safeguard.sh/resources/blog/ansible-galaxy-security-risks Mon, 08 Jan 2024 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Shadab Khan) <![CDATA[Gradle Plugin Security Risks: The Code That Runs Before Your Code]]> https://safeguard.sh/resources/blog/gradle-plugin-security-risks https://safeguard.sh/resources/blog/gradle-plugin-security-risks Mon, 08 Jan 2024 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Alex) <![CDATA[npm Registry Governance and the Security of node_modules]]> https://safeguard.sh/resources/blog/npm-registry-governance-and-security https://safeguard.sh/resources/blog/npm-registry-governance-and-security Mon, 08 Jan 2024 00:00:00 GMT Open Source Security hi@safeguard.sh (Michael) <![CDATA[HTTP Request Smuggling: A Practical Guide]]> https://safeguard.sh/resources/blog/http-request-smuggling-guide https://safeguard.sh/resources/blog/http-request-smuggling-guide Fri, 05 Jan 2024 10:00:00 GMT Web Security hi@safeguard.sh (Nayan Dey) <![CDATA[IAST vs RASP: Runtime Protection Approaches Compared]]> https://safeguard.sh/resources/blog/iast-rasp-runtime-protection-comparison https://safeguard.sh/resources/blog/iast-rasp-runtime-protection-comparison Fri, 05 Jan 2024 10:00:00 GMT Application Security hi@safeguard.sh (Yukti Singhal) <![CDATA[AI Code Review for Security: How Effective Is It Really?]]> https://safeguard.sh/resources/blog/ai-code-review-security-effectiveness https://safeguard.sh/resources/blog/ai-code-review-security-effectiveness Fri, 05 Jan 2024 09:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[How to Write a Security Advisory That Actually Helps]]> https://safeguard.sh/resources/blog/security-advisory-writing-guide https://safeguard.sh/resources/blog/security-advisory-writing-guide Thu, 28 Dec 2023 09:00:00 GMT Security Strategy hi@safeguard.sh (Bob) <![CDATA[Apache OFBiz CVE-2023-51467: Authentication Bypass in Enterprise Resource Planning]]> https://safeguard.sh/resources/blog/apache-ofbiz-cve-2023-51467-auth-bypass https://safeguard.sh/resources/blog/apache-ofbiz-cve-2023-51467-auth-bypass Tue, 26 Dec 2023 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Bob) <![CDATA[npm Team Access Model Hardening]]> https://safeguard.sh/resources/blog/npm-team-access-model-hardening https://safeguard.sh/resources/blog/npm-team-access-model-hardening Fri, 22 Dec 2023 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Software Supply Chain Security in 2023: Year in Review]]> https://safeguard.sh/resources/blog/software-supply-chain-security-2023-year-review https://safeguard.sh/resources/blog/software-supply-chain-security-2023-year-review Wed, 20 Dec 2023 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Alex) <![CDATA[Vulnerability Disclosure Policy Template]]> https://safeguard.sh/resources/blog/vulnerability-disclosure-policy-template https://safeguard.sh/resources/blog/vulnerability-disclosure-policy-template Wed, 20 Dec 2023 00:00:00 GMT Organizational Security hi@safeguard.sh (Yukti Singhal) <![CDATA[VF Corporation Ransomware Attack Disrupts Vans, North Face, and Timberland]]> https://safeguard.sh/resources/blog/vans-vf-corporation-ransomware https://safeguard.sh/resources/blog/vans-vf-corporation-ransomware Mon, 18 Dec 2023 14:00:00 GMT Incident Analysis hi@safeguard.sh (Michael) <![CDATA[Xfinity Breach via Citrix Bleed Exposes 35.9 Million Customers]]> https://safeguard.sh/resources/blog/xfinity-citrix-bleed-35-million https://safeguard.sh/resources/blog/xfinity-citrix-bleed-35-million Mon, 18 Dec 2023 14:00:00 GMT Incident Analysis hi@safeguard.sh (Alex) <![CDATA[Building a Security Automation Playbook Library for Supply Chain Defense]]> https://safeguard.sh/resources/blog/security-automation-playbook-library https://safeguard.sh/resources/blog/security-automation-playbook-library Mon, 18 Dec 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (James) <![CDATA[Red Team Supply Chain Attack Simulation]]> https://safeguard.sh/resources/blog/red-team-supply-chain-attack-simulation https://safeguard.sh/resources/blog/red-team-supply-chain-attack-simulation Mon, 18 Dec 2023 00:00:00 GMT Offensive Security hi@safeguard.sh (Bob) <![CDATA[SEC Cyber Disclosure Rules: What Public Companies Must Do Now]]> https://safeguard.sh/resources/blog/sec-cyber-disclosure-rules-impact https://safeguard.sh/resources/blog/sec-cyber-disclosure-rules-impact Fri, 15 Dec 2023 11:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Autonomous Security Remediation: The Promise and Peril of Self-Healing Software]]> https://safeguard.sh/resources/blog/autonomous-security-remediation-future https://safeguard.sh/resources/blog/autonomous-security-remediation-future Fri, 15 Dec 2023 09:00:00 GMT AI Security hi@safeguard.sh (Michael) <![CDATA[JFrog Artifactory Hardening Guide]]> https://safeguard.sh/resources/blog/jfrog-artifactory-hardening-guide-2023 https://safeguard.sh/resources/blog/jfrog-artifactory-hardening-guide-2023 Thu, 14 Dec 2023 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[API Gateway Security Patterns That Actually Work]]> https://safeguard.sh/resources/blog/api-gateway-security-patterns https://safeguard.sh/resources/blog/api-gateway-security-patterns Tue, 12 Dec 2023 10:00:00 GMT Application Security hi@safeguard.sh (James) <![CDATA[Puppet Forge Supply Chain Security: Trusting Your Configuration Management]]> https://safeguard.sh/resources/blog/puppet-forge-supply-chain-security https://safeguard.sh/resources/blog/puppet-forge-supply-chain-security Tue, 12 Dec 2023 10:00:00 GMT Infrastructure Security hi@safeguard.sh (Michael) <![CDATA[Container Runtime Security Comparison: runc, gVisor, Kata, and Firecracker]]> https://safeguard.sh/resources/blog/container-runtime-comparison-security https://safeguard.sh/resources/blog/container-runtime-comparison-security Tue, 12 Dec 2023 00:00:00 GMT Container Security hi@safeguard.sh (Bob) <![CDATA[Education Sector Software Security: Protecting Students and Data]]> https://safeguard.sh/resources/blog/education-sector-software-security https://safeguard.sh/resources/blog/education-sector-software-security Sun, 10 Dec 2023 11:00:00 GMT Industry Guides hi@safeguard.sh (Shadab Khan) <![CDATA[Log4j Two Years Later: Are We Actually Safer?]]> https://safeguard.sh/resources/blog/log4j-two-years-later-are-we-safer https://safeguard.sh/resources/blog/log4j-two-years-later-are-we-safer Sun, 10 Dec 2023 10:00:00 GMT Open Source Security hi@safeguard.sh (Michael) <![CDATA[Post-Install Hooks Across Package Managers: A Comparative Security Analysis]]> https://safeguard.sh/resources/blog/post-install-hooks-across-package-managers https://safeguard.sh/resources/blog/post-install-hooks-across-package-managers Sun, 10 Dec 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Alex) <![CDATA[Norton Healthcare Ransomware Breach Exposes 2.5 Million Patient Records]]> https://safeguard.sh/resources/blog/norton-healthcare-ransomware-breach https://safeguard.sh/resources/blog/norton-healthcare-ransomware-breach Fri, 08 Dec 2023 14:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[WAF Bypass Techniques and What They Mean for Supply Chain Security]]> https://safeguard.sh/resources/blog/web-application-firewall-bypass-techniques https://safeguard.sh/resources/blog/web-application-firewall-bypass-techniques Fri, 08 Dec 2023 14:00:00 GMT Application Security hi@safeguard.sh (James) <![CDATA[Firmware Analysis and Reverse Engineering for Security Teams]]> https://safeguard.sh/resources/blog/firmware-analysis-reverse-engineering-security https://safeguard.sh/resources/blog/firmware-analysis-reverse-engineering-security Fri, 08 Dec 2023 10:00:00 GMT Vulnerability Management hi@safeguard.sh (Shadab Khan) <![CDATA[Multi-Cloud Container Security: Building a Unified Strategy]]> https://safeguard.sh/resources/blog/multi-cloud-container-security-strategy https://safeguard.sh/resources/blog/multi-cloud-container-security-strategy Fri, 08 Dec 2023 10:00:00 GMT Cloud Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Security Observability and Telemetry: Seeing What Matters]]> https://safeguard.sh/resources/blog/security-observability-telemetry-guide https://safeguard.sh/resources/blog/security-observability-telemetry-guide Fri, 08 Dec 2023 00:00:00 GMT Security Operations hi@safeguard.sh (Alex) <![CDATA[Apache Struts CVE-2023-50164: Critical File Upload RCE Echoes Equifax-Era Nightmares]]> https://safeguard.sh/resources/blog/apache-struts-cve-2023-50164-rce https://safeguard.sh/resources/blog/apache-struts-cve-2023-50164-rce Thu, 07 Dec 2023 14:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[OpenShift Security Context Constraints: A Guide]]> https://safeguard.sh/resources/blog/openshift-security-context-constraints-guide https://safeguard.sh/resources/blog/openshift-security-context-constraints-guide Wed, 06 Dec 2023 12:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[How to Verify a PyPI Package Before Install]]> https://safeguard.sh/resources/blog/how-to-verify-pypi-package-before-install https://safeguard.sh/resources/blog/how-to-verify-pypi-package-before-install Tue, 05 Dec 2023 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Deserialization Attacks in Java and Python]]> https://safeguard.sh/resources/blog/deserialization-attacks-java-python https://safeguard.sh/resources/blog/deserialization-attacks-java-python Tue, 05 Dec 2023 10:00:00 GMT Application Security hi@safeguard.sh (Alex) <![CDATA[Purple Team Exercises for Supply Chain Security]]> https://safeguard.sh/resources/blog/purple-team-supply-chain-exercises https://safeguard.sh/resources/blog/purple-team-supply-chain-exercises Tue, 05 Dec 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (Michael) <![CDATA[Managing Security Debt: A Practical Guide]]> https://safeguard.sh/resources/blog/managing-security-debt-practical-guide https://safeguard.sh/resources/blog/managing-security-debt-practical-guide Tue, 05 Dec 2023 09:00:00 GMT Best Practices hi@safeguard.sh (Alex) <![CDATA[Open Source Dependency Health Metrics That Actually Matter]]> https://safeguard.sh/resources/blog/open-source-dependency-health-metrics https://safeguard.sh/resources/blog/open-source-dependency-health-metrics Tue, 05 Dec 2023 00:00:00 GMT Open Source Security hi@safeguard.sh (Alex) <![CDATA[Monorepo Security: Dependency Management at Scale]]> https://safeguard.sh/resources/blog/monorepo-security-dependency-management https://safeguard.sh/resources/blog/monorepo-security-dependency-management Sun, 03 Dec 2023 11:00:00 GMT Architecture hi@safeguard.sh (Nayan Dey) <![CDATA[Federal SBOM Mandate: Compliance Deadlines and What They Mean for Vendors]]> https://safeguard.sh/resources/blog/federal-sbom-mandate-compliance-deadline https://safeguard.sh/resources/blog/federal-sbom-mandate-compliance-deadline Fri, 01 Dec 2023 10:00:00 GMT Compliance & Regulations hi@safeguard.sh (Alex) <![CDATA[npm Scripts Sandboxing Techniques]]> https://safeguard.sh/resources/blog/npm-scripts-sandboxing-techniques https://safeguard.sh/resources/blog/npm-scripts-sandboxing-techniques Thu, 30 Nov 2023 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[SOX IT Controls and Software Supply Chain]]> https://safeguard.sh/resources/blog/sox-it-controls-software-supply-chain-intersection https://safeguard.sh/resources/blog/sox-it-controls-software-supply-chain-intersection Sun, 26 Nov 2023 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Dollar Tree Third-Party Breach Impacts Nearly 2 Million Employees]]> https://safeguard.sh/resources/blog/dollar-tree-third-party-breach https://safeguard.sh/resources/blog/dollar-tree-third-party-breach Wed, 22 Nov 2023 14:00:00 GMT Incident Analysis hi@safeguard.sh (Bob) <![CDATA[How to Audit npm Postinstall Scripts Safely]]> https://safeguard.sh/resources/blog/how-to-audit-npm-postinstall-scripts-safely https://safeguard.sh/resources/blog/how-to-audit-npm-postinstall-scripts-safely Wed, 22 Nov 2023 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Chainguard Images: The Zero-CVE Container Base Image Revolution]]> https://safeguard.sh/resources/blog/chainguard-images-minimal-containers https://safeguard.sh/resources/blog/chainguard-images-minimal-containers Wed, 22 Nov 2023 00:00:00 GMT Container Security hi@safeguard.sh (James) <![CDATA[AI Model Supply Chain Risks: Hugging Face and the New Attack Surface]]> https://safeguard.sh/resources/blog/ai-model-supply-chain-hugging-face-risks https://safeguard.sh/resources/blog/ai-model-supply-chain-hugging-face-risks Mon, 20 Nov 2023 10:00:00 GMT AI Security hi@safeguard.sh (Bob) <![CDATA[Security Considerations When Migrating from Monolith to Microservices]]> https://safeguard.sh/resources/blog/monolith-to-microservices-security-migration https://safeguard.sh/resources/blog/monolith-to-microservices-security-migration Sat, 18 Nov 2023 10:00:00 GMT Application Security hi@safeguard.sh (Nayan Dey) <![CDATA[Legacy Software and Supply Chain Risks]]> https://safeguard.sh/resources/blog/legacy-software-supply-chain-risks https://safeguard.sh/resources/blog/legacy-software-supply-chain-risks Sat, 18 Nov 2023 00:00:00 GMT Risk Management hi@safeguard.sh (James) <![CDATA[Express.js Security Middleware: An Audit]]> https://safeguard.sh/resources/blog/express-js-security-middleware-audit https://safeguard.sh/resources/blog/express-js-security-middleware-audit Wed, 15 Nov 2023 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Healthcare Software Security: HIPAA, SBOMs, and Patient Safety]]> https://safeguard.sh/resources/blog/healthcare-software-security-hipaa-sbom https://safeguard.sh/resources/blog/healthcare-software-security-hipaa-sbom Wed, 15 Nov 2023 11:00:00 GMT Industry Guides hi@safeguard.sh (Shadab Khan) <![CDATA[MongoDB Atlas Breach: Customer Metadata Exposed in Corporate Systems Attack]]> https://safeguard.sh/resources/blog/mongodb-atlas-breach-customer-data https://safeguard.sh/resources/blog/mongodb-atlas-breach-customer-data Wed, 15 Nov 2023 10:00:00 GMT Incident Response hi@safeguard.sh (Shadab Khan) <![CDATA[API Key Rotation Automation: A Practical Implementation Guide]]> https://safeguard.sh/resources/blog/api-key-rotation-automation-guide https://safeguard.sh/resources/blog/api-key-rotation-automation-guide Wed, 15 Nov 2023 00:00:00 GMT Security Operations hi@safeguard.sh (Alex) <![CDATA[SonarQube Security Scanning: Code Quality Meets Application Security]]> https://safeguard.sh/resources/blog/sonarqube-security-scanning-review https://safeguard.sh/resources/blog/sonarqube-security-scanning-review Wed, 15 Nov 2023 00:00:00 GMT Tool Reviews hi@safeguard.sh (Bob) <![CDATA[Apache Web Server Hardening Guide for Production Environments]]> https://safeguard.sh/resources/blog/apache-web-server-hardening-guide https://safeguard.sh/resources/blog/apache-web-server-hardening-guide Sun, 12 Nov 2023 10:00:00 GMT Infrastructure Security hi@safeguard.sh (Alex) <![CDATA[Snap Store and Flatpak Security Models Compared]]> https://safeguard.sh/resources/blog/snap-store-flatpak-security-models https://safeguard.sh/resources/blog/snap-store-flatpak-security-models Sun, 12 Nov 2023 10:00:00 GMT Supply Chain Security hi@safeguard.sh (Shadab Khan) <![CDATA[Travis CI Security Best Practices]]> https://safeguard.sh/resources/blog/travis-ci-security-best-practices https://safeguard.sh/resources/blog/travis-ci-security-best-practices Sun, 12 Nov 2023 00:00:00 GMT DevSecOps hi@safeguard.sh (Bob) <![CDATA[Boeing Hit by LockBit Ransomware: 43GB of Sensitive Data Leaked]]> https://safeguard.sh/resources/blog/boeing-lockbit-ransomware-data-leak https://safeguard.sh/resources/blog/boeing-lockbit-ransomware-data-leak Fri, 10 Nov 2023 14:00:00 GMT Incident Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Rust Cargo Dependency Security Guide]]> https://safeguard.sh/resources/blog/rust-cargo-dependency-security-guide https://safeguard.sh/resources/blog/rust-cargo-dependency-security-guide Fri, 10 Nov 2023 10:00:00 GMT Dependency Security hi@safeguard.sh (Bob) <![CDATA[Singapore's Cybersecurity Act and Software Supply Chain Obligations]]> https://safeguard.sh/resources/blog/singapore-cybersecurity-act-supply-chain https://safeguard.sh/resources/blog/singapore-cybersecurity-act-supply-chain Fri, 10 Nov 2023 09:00:00 GMT Compliance hi@safeguard.sh (Michael) <![CDATA[govulncheck in Production Integration]]> https://safeguard.sh/resources/blog/govulncheck-production-integration https://safeguard.sh/resources/blog/govulncheck-production-integration Wed, 08 Nov 2023 12:00:00 GMT Vulnerability Management hi@safeguard.sh (Nayan Dey) <![CDATA[Apache ActiveMQ CVE-2023-46604: Ransomware Groups Exploit Critical RCE]]> https://safeguard.sh/resources/blog/apache-activemq-cve-2023-46604-rce https://safeguard.sh/resources/blog/apache-activemq-cve-2023-46604-rce Wed, 08 Nov 2023 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (James) <![CDATA[Citrix Bleed CVE-2023-4966: Session Token Theft That Bypassed Every Authentication Control]]> https://safeguard.sh/resources/blog/citrix-bleed-cve-2023-4966-exploitation https://safeguard.sh/resources/blog/citrix-bleed-cve-2023-4966-exploitation Wed, 08 Nov 2023 10:00:00 GMT Zero-Day Exploits hi@safeguard.sh (James) <![CDATA[Java Module System Security Features: What JPMS Actually Delivers]]> https://safeguard.sh/resources/blog/java-module-system-security-features https://safeguard.sh/resources/blog/java-module-system-security-features Wed, 08 Nov 2023 10:00:00 GMT Application Security hi@safeguard.sh (Bob) <![CDATA[The LLM Supply Chain: Risks Hiding in Foundation Models]]> https://safeguard.sh/resources/blog/large-language-model-supply-chain-risks https://safeguard.sh/resources/blog/large-language-model-supply-chain-risks Wed, 08 Nov 2023 10:00:00 GMT AI Security hi@safeguard.sh (Yukti Singhal) <![CDATA[OAuth Token Security Throughout the Lifecycle]]> https://safeguard.sh/resources/blog/oauth-token-security-lifecycle https://safeguard.sh/resources/blog/oauth-token-security-lifecycle Wed, 08 Nov 2023 10:00:00 GMT Application Security hi@safeguard.sh (Yukti Singhal) <![CDATA[CI/CD Credential Theft Prevention]]> https://safeguard.sh/resources/blog/ci-cd-credential-theft-prevention https://safeguard.sh/resources/blog/ci-cd-credential-theft-prevention Wed, 08 Nov 2023 00:00:00 GMT DevSecOps hi@safeguard.sh (Yukti Singhal) <![CDATA[Deno's Permission-Based Security Model: What It Gets Right and Where It Falls Short]]> https://safeguard.sh/resources/blog/deno-runtime-security-model-analysis https://safeguard.sh/resources/blog/deno-runtime-security-model-analysis Wed, 08 Nov 2023 00:00:00 GMT Developer Security hi@safeguard.sh (Bob) <![CDATA[Executive Order 14028 at the Two-Year Mark]]> https://safeguard.sh/resources/blog/executive-order-14028-year-two-checkpoint https://safeguard.sh/resources/blog/executive-order-14028-year-two-checkpoint Sun, 05 Nov 2023 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[SBOMs in the Automotive Industry: Navigating Software-Defined Vehicles]]> https://safeguard.sh/resources/blog/software-bill-of-materials-automotive-industry https://safeguard.sh/resources/blog/software-bill-of-materials-automotive-industry Sun, 05 Nov 2023 12:00:00 GMT Industry Analysis hi@safeguard.sh (Bob) <![CDATA[CMMC 2.0 and Software Supply Chain Security: A Practical Guide]]> https://safeguard.sh/resources/blog/cmmc-2-0-software-supply-chain-guide https://safeguard.sh/resources/blog/cmmc-2-0-software-supply-chain-guide Sun, 05 Nov 2023 10:00:00 GMT Compliance hi@safeguard.sh (Bob) <![CDATA[Container Escape Techniques in 2023: What's Changed and What Hasn't]]> https://safeguard.sh/resources/blog/container-escape-techniques-2023-update https://safeguard.sh/resources/blog/container-escape-techniques-2023-update Sun, 05 Nov 2023 10:00:00 GMT Container Security hi@safeguard.sh (Bob) <![CDATA[Deno Security Model Advantages: Runtime Permissions Done Right]]> https://safeguard.sh/resources/blog/deno-security-model-advantages https://safeguard.sh/resources/blog/deno-security-model-advantages Sun, 05 Nov 2023 10:00:00 GMT Secure Development hi@safeguard.sh (James) <![CDATA[Dependency Hijacking Prevention: A Comprehensive Guide]]> https://safeguard.sh/resources/blog/dependency-hijacking-prevention-guide https://safeguard.sh/resources/blog/dependency-hijacking-prevention-guide Sun, 05 Nov 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Alex) <![CDATA[Pulumi and Crossplane Security: IaC Beyond Terraform]]> https://safeguard.sh/resources/blog/pulumi-crossplane-iac-security https://safeguard.sh/resources/blog/pulumi-crossplane-iac-security Sun, 05 Nov 2023 10:00:00 GMT Infrastructure Security hi@safeguard.sh (Bob) <![CDATA[React Native Security Considerations for Mobile Supply Chains]]> https://safeguard.sh/resources/blog/react-native-security-considerations https://safeguard.sh/resources/blog/react-native-security-considerations Sun, 05 Nov 2023 10:00:00 GMT Application Security hi@safeguard.sh (Yukti Singhal) <![CDATA[RubyGems Yanked Gems: Security Risks of Removed Ruby Packages]]> https://safeguard.sh/resources/blog/rubygems-yanked-gems-security https://safeguard.sh/resources/blog/rubygems-yanked-gems-security Sun, 05 Nov 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Bob) <![CDATA[API Security Testing Against the OWASP API Top 10: A Hands-On Guide]]> https://safeguard.sh/resources/blog/api-security-testing-owasp-guide https://safeguard.sh/resources/blog/api-security-testing-owasp-guide Sun, 05 Nov 2023 00:00:00 GMT Application Security hi@safeguard.sh (Bob) <![CDATA[Cloudflare's Supply Chain Security Model]]> https://safeguard.sh/resources/blog/cloudflare-supply-chain-security-model https://safeguard.sh/resources/blog/cloudflare-supply-chain-security-model Sun, 05 Nov 2023 00:00:00 GMT Case Studies hi@safeguard.sh (Nayan Dey) <![CDATA[Wiz Cloud Security Platform: Agentless Done at Scale]]> https://safeguard.sh/resources/blog/wiz-cloud-security-platform-overview https://safeguard.sh/resources/blog/wiz-cloud-security-platform-overview Sun, 05 Nov 2023 00:00:00 GMT Tool Reviews hi@safeguard.sh (Yukti Singhal) <![CDATA[Mr. Cooper Mortgage Breach Exposes 14.7 Million Customers]]> https://safeguard.sh/resources/blog/mr-cooper-mortgage-data-breach https://safeguard.sh/resources/blog/mr-cooper-mortgage-data-breach Wed, 01 Nov 2023 14:00:00 GMT Incident Analysis hi@safeguard.sh (James) <![CDATA[CISA's Secure by Default: Shifting Responsibility to Software Manufacturers]]> https://safeguard.sh/resources/blog/cisa-secure-by-default-guidance https://safeguard.sh/resources/blog/cisa-secure-by-default-guidance Wed, 01 Nov 2023 10:00:00 GMT Compliance & Regulations hi@safeguard.sh (Nayan Dey) <![CDATA[PyPI 2FA Enrollment: Enterprise Rollout]]> https://safeguard.sh/resources/blog/pypi-2fa-enrollment-enterprise-rollout https://safeguard.sh/resources/blog/pypi-2fa-enrollment-enterprise-rollout Sat, 28 Oct 2023 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Building a Software Supply Chain Risk Register]]> https://safeguard.sh/resources/blog/supply-chain-risk-register-template https://safeguard.sh/resources/blog/supply-chain-risk-register-template Sat, 28 Oct 2023 09:00:00 GMT Risk Management hi@safeguard.sh (Shadab Khan) <![CDATA[Dagger CI/CD Security Benefits]]> https://safeguard.sh/resources/blog/dagger-ci-cd-security-benefits https://safeguard.sh/resources/blog/dagger-ci-cd-security-benefits Sat, 28 Oct 2023 00:00:00 GMT DevSecOps hi@safeguard.sh (James) <![CDATA[F5 BIG-IP CVE-2023-46747: Authentication Bypass Puts Network Infrastructure at Risk]]> https://safeguard.sh/resources/blog/f5-big-ip-cve-2023-46747-authentication-bypass https://safeguard.sh/resources/blog/f5-big-ip-cve-2023-46747-authentication-bypass Fri, 27 Oct 2023 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[A History of Browser Sandbox Escapes and What They Teach Us]]> https://safeguard.sh/resources/blog/browser-sandbox-escape-history https://safeguard.sh/resources/blog/browser-sandbox-escape-history Wed, 25 Oct 2023 10:00:00 GMT Vulnerability Management hi@safeguard.sh (Shadab Khan) <![CDATA[Building a DevSecOps Culture: Beyond Tools and into Teams]]> https://safeguard.sh/resources/blog/devsecops-culture-building-security-teams https://safeguard.sh/resources/blog/devsecops-culture-building-security-teams Wed, 25 Oct 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (James) <![CDATA[Confidential Computing: A New Trust Model for Software Supply Chains]]> https://safeguard.sh/resources/blog/confidential-computing-supply-chain https://safeguard.sh/resources/blog/confidential-computing-supply-chain Sun, 22 Oct 2023 11:00:00 GMT Emerging Technology hi@safeguard.sh (Nayan Dey) <![CDATA[Southeast Asia's Software Supply Chain Security Gap]]> https://safeguard.sh/resources/blog/southeast-asia-supply-chain-security https://safeguard.sh/resources/blog/southeast-asia-supply-chain-security Sun, 22 Oct 2023 00:00:00 GMT Regional Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Trivy vs Grype: Container Scanning Head-to-Head]]> https://safeguard.sh/resources/blog/trivy-vs-grype-container-scanning-2023 https://safeguard.sh/resources/blog/trivy-vs-grype-container-scanning-2023 Fri, 20 Oct 2023 12:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[Okta's Support System Breach: Identity Provider Under Fire Again]]> https://safeguard.sh/resources/blog/okta-support-system-breach-october-2023 https://safeguard.sh/resources/blog/okta-support-system-breach-october-2023 Fri, 20 Oct 2023 10:00:00 GMT Incident Response hi@safeguard.sh (Michael) <![CDATA[CISO Quarterly Reporting Template: What the Board Actually Needs to See]]> https://safeguard.sh/resources/blog/ciso-quarterly-reporting-template https://safeguard.sh/resources/blog/ciso-quarterly-reporting-template Fri, 20 Oct 2023 09:00:00 GMT Security Strategy hi@safeguard.sh (Bob) <![CDATA[RSA Conference 2023 Supply Chain Track: Field Notes]]> https://safeguard.sh/resources/blog/rsa-conference-2023-supply-chain-track-notes https://safeguard.sh/resources/blog/rsa-conference-2023-supply-chain-track-notes Wed, 18 Oct 2023 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[SBOMs for Embedded Systems: Firmware Transparency]]> https://safeguard.sh/resources/blog/sbom-for-embedded-systems https://safeguard.sh/resources/blog/sbom-for-embedded-systems Wed, 18 Oct 2023 00:00:00 GMT SBOM hi@safeguard.sh (Bob) <![CDATA[Uber's Security Transformation Post-Breach]]> https://safeguard.sh/resources/blog/uber-security-transformation-post-breach https://safeguard.sh/resources/blog/uber-security-transformation-post-breach Wed, 18 Oct 2023 00:00:00 GMT Case Studies hi@safeguard.sh (Alex) <![CDATA[Cisco IOS XE CVE-2023-20198: Tens of Thousands of Devices Implanted]]> https://safeguard.sh/resources/blog/cisco-ios-xe-cve-2023-20198-implant https://safeguard.sh/resources/blog/cisco-ios-xe-cve-2023-20198-implant Mon, 16 Oct 2023 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Cisco IOS XE CVE-2023-20198: The Zero-Day That Compromised Tens of Thousands of Network Devices]]> https://safeguard.sh/resources/blog/cisco-ios-xe-webui-cve-2023-20198-implant https://safeguard.sh/resources/blog/cisco-ios-xe-webui-cve-2023-20198-implant Mon, 16 Oct 2023 10:00:00 GMT Zero-Day Exploits hi@safeguard.sh (Shadab Khan) <![CDATA[TypeScript Security Best Practices]]> https://safeguard.sh/resources/blog/typescript-security-best-practices https://safeguard.sh/resources/blog/typescript-security-best-practices Sun, 15 Oct 2023 10:00:00 GMT Application Security hi@safeguard.sh (James) <![CDATA[How to Enable Dependency Review on GitHub PRs]]> https://safeguard.sh/resources/blog/how-to-enable-github-dependency-review-on-prs https://safeguard.sh/resources/blog/how-to-enable-github-dependency-review-on-prs Thu, 12 Oct 2023 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Progressive Web App Security: The Risks Hiding in the Browser]]> https://safeguard.sh/resources/blog/progressive-web-app-security-guide https://safeguard.sh/resources/blog/progressive-web-app-security-guide Thu, 12 Oct 2023 10:00:00 GMT Application Security hi@safeguard.sh (Nayan Dey) <![CDATA[Scratch vs Distroless: Choosing the Right Minimal Container Image]]> https://safeguard.sh/resources/blog/scratch-vs-distroless-minimal-images https://safeguard.sh/resources/blog/scratch-vs-distroless-minimal-images Thu, 12 Oct 2023 10:00:00 GMT Container Security hi@safeguard.sh (Bob) <![CDATA[Incident Response Tabletop Exercises: A Practical Guide for Supply Chain Scenarios]]> https://safeguard.sh/resources/blog/incident-response-tabletop-exercises-guide https://safeguard.sh/resources/blog/incident-response-tabletop-exercises-guide Thu, 12 Oct 2023 00:00:00 GMT Incident Response hi@safeguard.sh (Michael) <![CDATA[Insecure Deserialization: Why Untrusted Data Should Never Become Objects]]> https://safeguard.sh/resources/blog/insecure-deserialization-prevention https://safeguard.sh/resources/blog/insecure-deserialization-prevention Thu, 12 Oct 2023 00:00:00 GMT Code Security hi@safeguard.sh (James) <![CDATA[curl CVE-2023-38545: The Worst curl Vulnerability in Years]]> https://safeguard.sh/resources/blog/curl-cve-2023-38545-heap-buffer-overflow https://safeguard.sh/resources/blog/curl-cve-2023-38545-heap-buffer-overflow Wed, 11 Oct 2023 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Yukti Singhal) <![CDATA[HTTP/2 Rapid Reset: The Largest DDoS Attacks in Internet History]]> https://safeguard.sh/resources/blog/http2-rapid-reset-cve-2023-44487-ddos https://safeguard.sh/resources/blog/http2-rapid-reset-cve-2023-44487-ddos Tue, 10 Oct 2023 10:00:00 GMT Application Security hi@safeguard.sh (Nayan Dey) <![CDATA[Cloud-Native Application Protection: Beyond the Buzzword]]> https://safeguard.sh/resources/blog/cloud-native-application-protection-guide https://safeguard.sh/resources/blog/cloud-native-application-protection-guide Sun, 08 Oct 2023 10:00:00 GMT Cloud Security hi@safeguard.sh (Shadab Khan) <![CDATA[Open Source vs Commercial SCA Tools: An Honest Comparison]]> https://safeguard.sh/resources/blog/open-source-vs-commercial-sca https://safeguard.sh/resources/blog/open-source-vs-commercial-sca Sun, 08 Oct 2023 10:00:00 GMT Security Strategy hi@safeguard.sh (Bob) <![CDATA[Scattered Spider: The Social Engineering Group That Outmaneuvered Enterprise Security]]> https://safeguard.sh/resources/blog/scattered-spider-social-engineering-attacks https://safeguard.sh/resources/blog/scattered-spider-social-engineering-attacks Sun, 08 Oct 2023 10:00:00 GMT Threat Actors hi@safeguard.sh (Yukti Singhal) <![CDATA[Package Registry Mirroring: Security Benefits and Hidden Risks]]> https://safeguard.sh/resources/blog/package-registry-mirroring-security https://safeguard.sh/resources/blog/package-registry-mirroring-security Sun, 08 Oct 2023 00:00:00 GMT Supply Chain Security hi@safeguard.sh (Michael) <![CDATA[Python setuptools Security Considerations]]> https://safeguard.sh/resources/blog/python-setuptools-security-considerations https://safeguard.sh/resources/blog/python-setuptools-security-considerations Thu, 05 Oct 2023 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Authorization Vulnerabilities: Prevention and Best Practices]]> https://safeguard.sh/resources/blog/authorization-vulnerabilities-prevention https://safeguard.sh/resources/blog/authorization-vulnerabilities-prevention Thu, 05 Oct 2023 10:00:00 GMT Web Security hi@safeguard.sh (Yukti Singhal) <![CDATA[OpenSSF Scorecard v5: Raising the Bar for Open Source Security]]> https://safeguard.sh/resources/blog/openssf-scorecard-v5-release https://safeguard.sh/resources/blog/openssf-scorecard-v5-release Thu, 05 Oct 2023 10:00:00 GMT Open Source Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Zero Trust for Developer Workstations: Rethinking Endpoint Security]]> https://safeguard.sh/resources/blog/zero-trust-developer-workstations https://safeguard.sh/resources/blog/zero-trust-developer-workstations Thu, 05 Oct 2023 10:00:00 GMT Network Security hi@safeguard.sh (James) <![CDATA[When Observability Meets Security: The Convergence That Changes Everything]]> https://safeguard.sh/resources/blog/observability-security-convergence https://safeguard.sh/resources/blog/observability-security-convergence Thu, 05 Oct 2023 09:00:00 GMT Industry Trends hi@safeguard.sh (Shadab Khan) <![CDATA[JetBrains TeamCity CVE-2023-42793: When Your Build Server Becomes the Attack Vector]]> https://safeguard.sh/resources/blog/jetbrains-teamcity-cve-2023-42793-exploitation https://safeguard.sh/resources/blog/jetbrains-teamcity-cve-2023-42793-exploitation Tue, 03 Oct 2023 09:00:00 GMT Vulnerability Analysis hi@safeguard.sh (James) <![CDATA[OWASP Top 10 for LLM Applications: A First Look]]> https://safeguard.sh/resources/blog/owasp-top-10-for-llm-applications-first-look https://safeguard.sh/resources/blog/owasp-top-10-for-llm-applications-first-look Thu, 28 Sep 2023 12:00:00 GMT AI Security hi@safeguard.sh (Shadab Khan) <![CDATA[JSON Parsing Library Vulnerabilities You Should Know About]]> https://safeguard.sh/resources/blog/json-parsing-library-vulnerabilities https://safeguard.sh/resources/blog/json-parsing-library-vulnerabilities Thu, 28 Sep 2023 10:00:00 GMT Application Security hi@safeguard.sh (James) <![CDATA[Webpack vs Rollup vs esbuild: A Security Comparison]]> https://safeguard.sh/resources/blog/webpack-rollup-esbuild-security https://safeguard.sh/resources/blog/webpack-rollup-esbuild-security Thu, 28 Sep 2023 09:00:00 GMT AppSec hi@safeguard.sh (Nayan Dey) <![CDATA[Checkmarx SCA: Application Security from a SAST Pioneer]]> https://safeguard.sh/resources/blog/checkmarx-sca-platform-review https://safeguard.sh/resources/blog/checkmarx-sca-platform-review Thu, 28 Sep 2023 00:00:00 GMT Tool Reviews hi@safeguard.sh (Alex) <![CDATA[Progress WS_FTP CVE-2023-40044: Another File Transfer Platform Falls to Pre-Auth RCE]]> https://safeguard.sh/resources/blog/progress-ws-ftp-cve-2023-40044-critical https://safeguard.sh/resources/blog/progress-ws-ftp-cve-2023-40044-critical Wed, 27 Sep 2023 14:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Michael) <![CDATA[Designing a Vulnerability Triage Workflow That Works]]> https://safeguard.sh/resources/blog/vulnerability-triage-workflow-design https://safeguard.sh/resources/blog/vulnerability-triage-workflow-design Mon, 25 Sep 2023 12:00:00 GMT Best Practices hi@safeguard.sh (Michael) <![CDATA[Securing LLM Applications: The OWASP Top 10 for Large Language Models]]> https://safeguard.sh/resources/blog/securing-llm-applications-owasp-top-10 https://safeguard.sh/resources/blog/securing-llm-applications-owasp-top-10 Mon, 25 Sep 2023 10:00:00 GMT AI Security hi@safeguard.sh (Michael) <![CDATA[SBOM Storage and Distribution Infrastructure]]> https://safeguard.sh/resources/blog/sbom-storage-distribution-infrastructure https://safeguard.sh/resources/blog/sbom-storage-distribution-infrastructure Mon, 25 Sep 2023 00:00:00 GMT SBOM hi@safeguard.sh (James) <![CDATA[AI Hallucinations Meet Package Confusion: A New Class of Supply Chain Attack]]> https://safeguard.sh/resources/blog/ai-hallucination-package-confusion-attacks https://safeguard.sh/resources/blog/ai-hallucination-package-confusion-attacks Wed, 20 Sep 2023 10:00:00 GMT AI Security hi@safeguard.sh (Alex) <![CDATA[Spring Boot Security and Dependency Management]]> https://safeguard.sh/resources/blog/spring-boot-security-dependency-management https://safeguard.sh/resources/blog/spring-boot-security-dependency-management Wed, 20 Sep 2023 10:00:00 GMT Application Security hi@safeguard.sh (Shadab Khan) <![CDATA[SBOM for the Gaming Industry: Why Game Studios Need Software Transparency]]> https://safeguard.sh/resources/blog/sbom-for-gaming-industry https://safeguard.sh/resources/blog/sbom-for-gaming-industry Wed, 20 Sep 2023 00:00:00 GMT SBOM hi@safeguard.sh (James) <![CDATA[SBOM Tooling Landscape in 2023: What Actually Works]]> https://safeguard.sh/resources/blog/sbom-tooling-landscape-2023 https://safeguard.sh/resources/blog/sbom-tooling-landscape-2023 Fri, 15 Sep 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (Alex) <![CDATA[Microsoft's Secure Supply Chain Practices]]> https://safeguard.sh/resources/blog/microsoft-secure-supply-chain-practices https://safeguard.sh/resources/blog/microsoft-secure-supply-chain-practices Fri, 15 Sep 2023 00:00:00 GMT Case Studies hi@safeguard.sh (Shadab Khan) <![CDATA[Python Packaging Authority and the Security of pip install]]> https://safeguard.sh/resources/blog/python-packaging-authority-security https://safeguard.sh/resources/blog/python-packaging-authority-security Fri, 15 Sep 2023 00:00:00 GMT Open Source Security hi@safeguard.sh (Alex) <![CDATA[MGM Resorts and Caesars Hit by Scattered Spider: Social Engineering at Scale]]> https://safeguard.sh/resources/blog/mgm-resorts-caesars-scattered-spider-2023 https://safeguard.sh/resources/blog/mgm-resorts-caesars-scattered-spider-2023 Thu, 14 Sep 2023 14:00:00 GMT Incident Analysis hi@safeguard.sh (Yukti Singhal) <![CDATA[Dependabot Security Updates: Behavior Deep Dive]]> https://safeguard.sh/resources/blog/dependabot-security-updates-behavior-2023 https://safeguard.sh/resources/blog/dependabot-security-updates-behavior-2023 Tue, 12 Sep 2023 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Electron App Supply Chain Security Posture]]> https://safeguard.sh/resources/blog/electron-app-supply-chain-security-posture https://safeguard.sh/resources/blog/electron-app-supply-chain-security-posture Tue, 12 Sep 2023 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[API Security Through the Supply Chain Lens]]> https://safeguard.sh/resources/blog/api-security-supply-chain-considerations https://safeguard.sh/resources/blog/api-security-supply-chain-considerations Tue, 12 Sep 2023 10:00:00 GMT Application Security hi@safeguard.sh (Michael) <![CDATA[Canada's Cybersecurity Strategy and the Push for SBOM Adoption]]> https://safeguard.sh/resources/blog/canada-cyber-security-strategy-sbom https://safeguard.sh/resources/blog/canada-cyber-security-strategy-sbom Tue, 12 Sep 2023 10:00:00 GMT Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Dart/Flutter Dependency Security: Securing the Mobile Supply Chain]]> https://safeguard.sh/resources/blog/dart-flutter-dependency-security https://safeguard.sh/resources/blog/dart-flutter-dependency-security Tue, 12 Sep 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Shadab Khan) <![CDATA[GitHub Packages Security Features: What You Get and What You Do Not]]> https://safeguard.sh/resources/blog/github-packages-security-features https://safeguard.sh/resources/blog/github-packages-security-features Tue, 12 Sep 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (James) <![CDATA[Building a Supply Chain Security Metrics Dashboard That Drives Action]]> https://safeguard.sh/resources/blog/supply-chain-security-metrics-dashboard https://safeguard.sh/resources/blog/supply-chain-security-metrics-dashboard Tue, 12 Sep 2023 10:00:00 GMT Security Operations hi@safeguard.sh (Yukti Singhal) <![CDATA[gRPC Security Considerations: Protecting High-Performance Service Communication]]> https://safeguard.sh/resources/blog/grpc-security-considerations-guide https://safeguard.sh/resources/blog/grpc-security-considerations-guide Tue, 12 Sep 2023 00:00:00 GMT API Security hi@safeguard.sh (Nayan Dey) <![CDATA[SLSA v1.0: Software Provenance Attestation Goes Mainstream]]> https://safeguard.sh/resources/blog/software-provenance-attestation-slsa-v1 https://safeguard.sh/resources/blog/software-provenance-attestation-slsa-v1 Sun, 10 Sep 2023 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Shadab Khan) <![CDATA[Edge Computing and the Distributed Supply Chain Security Challenge]]> https://safeguard.sh/resources/blog/edge-computing-software-supply-chain https://safeguard.sh/resources/blog/edge-computing-software-supply-chain Fri, 08 Sep 2023 14:00:00 GMT Emerging Technology hi@safeguard.sh (Bob) <![CDATA[Build System Poisoning Techniques: How Attackers Corrupt Your Pipeline]]> https://safeguard.sh/resources/blog/build-system-poisoning-techniques https://safeguard.sh/resources/blog/build-system-poisoning-techniques Fri, 08 Sep 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Nayan Dey) <![CDATA[Cloud Marketplace Security: What AWS and Azure Listings Actually Verify]]> https://safeguard.sh/resources/blog/cloud-marketplace-security-aws-azure https://safeguard.sh/resources/blog/cloud-marketplace-security-aws-azure Fri, 08 Sep 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Bob) <![CDATA[Cache Poisoning Attacks: How They Work and How to Prevent Them]]> https://safeguard.sh/resources/blog/cache-poisoning-attacks-prevention https://safeguard.sh/resources/blog/cache-poisoning-attacks-prevention Tue, 05 Sep 2023 10:00:00 GMT Web Security hi@safeguard.sh (Shadab Khan) <![CDATA[DAST Tool Comparison for Enterprise: What Matters Beyond Feature Lists]]> https://safeguard.sh/resources/blog/dast-tool-comparison-enterprise-2023 https://safeguard.sh/resources/blog/dast-tool-comparison-enterprise-2023 Tue, 05 Sep 2023 10:00:00 GMT Application Security hi@safeguard.sh (Michael) <![CDATA[Massive PyPI Malware Campaign Targets Developers with Credential Stealers]]> https://safeguard.sh/resources/blog/pypi-malware-campaign-targeting-developers https://safeguard.sh/resources/blog/pypi-malware-campaign-targeting-developers Tue, 05 Sep 2023 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Bob) <![CDATA[Pipenv Security Posture Review]]> https://safeguard.sh/resources/blog/pipenv-security-posture-review-2023 https://safeguard.sh/resources/blog/pipenv-security-posture-review-2023 Wed, 30 Aug 2023 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[The Ransomware Payment Ban Debate: Arguments, Evidence, and Unintended Consequences]]> https://safeguard.sh/resources/blog/ransomware-payment-ban-debate-analysis https://safeguard.sh/resources/blog/ransomware-payment-ban-debate-analysis Mon, 28 Aug 2023 10:00:00 GMT Ransomware hi@safeguard.sh (Yukti Singhal) <![CDATA[Secure Package Publishing Checklist for Open Source Maintainers]]> https://safeguard.sh/resources/blog/secure-package-publishing-checklist https://safeguard.sh/resources/blog/secure-package-publishing-checklist Mon, 28 Aug 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Michael) <![CDATA[Changelog and Security Disclosure Best Practices]]> https://safeguard.sh/resources/blog/changelog-security-disclosure-practices https://safeguard.sh/resources/blog/changelog-security-disclosure-practices Mon, 28 Aug 2023 09:00:00 GMT Security Strategy hi@safeguard.sh (Michael) <![CDATA[Bitbucket Pipelines Security Guide]]> https://safeguard.sh/resources/blog/bitbucket-pipelines-security-guide https://safeguard.sh/resources/blog/bitbucket-pipelines-security-guide Fri, 25 Aug 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Runtime SBOM vs. Build-Time SBOM: Which Do You Actually Need?]]> https://safeguard.sh/resources/blog/runtime-sbom-vs-build-time-sbom https://safeguard.sh/resources/blog/runtime-sbom-vs-build-time-sbom Fri, 25 Aug 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Security Incident Communication Guide]]> https://safeguard.sh/resources/blog/security-incident-communication-guide https://safeguard.sh/resources/blog/security-incident-communication-guide Fri, 25 Aug 2023 00:00:00 GMT Organizational Security hi@safeguard.sh (Michael) <![CDATA[Socket.dev: Detecting Supply Chain Attacks Before They Hit]]> https://safeguard.sh/resources/blog/socket-dev-supply-chain-detection https://safeguard.sh/resources/blog/socket-dev-supply-chain-detection Tue, 22 Aug 2023 00:00:00 GMT Tool Reviews hi@safeguard.sh (Shadab Khan) <![CDATA[WinRAR Zero-Day CVE-2023-38831: Weaponized Archives in the Wild]]> https://safeguard.sh/resources/blog/winrar-cve-2023-38831-zero-day-exploitation https://safeguard.sh/resources/blog/winrar-cve-2023-38831-zero-day-exploitation Sun, 20 Aug 2023 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Alex) <![CDATA[Japan's Approach to Cybersecurity and Software Supply Chain Security]]> https://safeguard.sh/resources/blog/japan-cybersecurity-software-supply-chain https://safeguard.sh/resources/blog/japan-cybersecurity-software-supply-chain Sun, 20 Aug 2023 08:00:00 GMT Compliance hi@safeguard.sh (James) <![CDATA[pip Install Hooks Security: The Python Packaging Backdoor]]> https://safeguard.sh/resources/blog/pip-install-hooks-security https://safeguard.sh/resources/blog/pip-install-hooks-security Fri, 18 Aug 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (James) <![CDATA[DevSecOps Toolchain Integration Patterns That Actually Work]]> https://safeguard.sh/resources/blog/devsecops-toolchain-integration-patterns https://safeguard.sh/resources/blog/devsecops-toolchain-integration-patterns Fri, 18 Aug 2023 00:00:00 GMT DevSecOps hi@safeguard.sh (Bob) <![CDATA[Kubernetes Network Policies Deep Dive: From Zero Trust to Microsegmentation]]> https://safeguard.sh/resources/blog/kubernetes-network-policies-deep-dive https://safeguard.sh/resources/blog/kubernetes-network-policies-deep-dive Fri, 18 Aug 2023 00:00:00 GMT Kubernetes Security hi@safeguard.sh (James) <![CDATA[Threat Hunting in the Software Supply Chain]]> https://safeguard.sh/resources/blog/threat-hunting-software-supply-chain https://safeguard.sh/resources/blog/threat-hunting-software-supply-chain Fri, 18 Aug 2023 00:00:00 GMT Threat Intelligence hi@safeguard.sh (James) <![CDATA[Security Champions With a Supply Chain Focus]]> https://safeguard.sh/resources/blog/security-champions-program-supply-chain-focus https://safeguard.sh/resources/blog/security-champions-program-supply-chain-focus Wed, 16 Aug 2023 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Vulnerability Remediation SLAs: Best Practices for Real Teams]]> https://safeguard.sh/resources/blog/vulnerability-remediation-sla-best-practices https://safeguard.sh/resources/blog/vulnerability-remediation-sla-best-practices Tue, 15 Aug 2023 11:00:00 GMT Vulnerability Management hi@safeguard.sh (Alex) <![CDATA[GitHub Dependabot and the State of Automated Dependency Security]]> https://safeguard.sh/resources/blog/github-dependabot-supply-chain-security https://safeguard.sh/resources/blog/github-dependabot-supply-chain-security Tue, 15 Aug 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (James) <![CDATA[Africa's Digital Transformation: Security Challenges at Scale]]> https://safeguard.sh/resources/blog/africa-digital-transformation-security-challenges https://safeguard.sh/resources/blog/africa-digital-transformation-security-challenges Tue, 15 Aug 2023 00:00:00 GMT Regional Security hi@safeguard.sh (Michael) <![CDATA[Google Cloud Build Supply Chain Security: From Source to Deploy]]> https://safeguard.sh/resources/blog/google-cloud-build-supply-chain-security https://safeguard.sh/resources/blog/google-cloud-build-supply-chain-security Sat, 12 Aug 2023 10:00:00 GMT Cloud Security hi@safeguard.sh (Michael) <![CDATA[Kubernetes Ingress Security Configuration: Getting It Right]]> https://safeguard.sh/resources/blog/kubernetes-ingress-security-configuration https://safeguard.sh/resources/blog/kubernetes-ingress-security-configuration Sat, 12 Aug 2023 10:00:00 GMT Kubernetes Security hi@safeguard.sh (Shadab Khan) <![CDATA[Terraform Provider Verification: Securing Your Infrastructure as Code Supply Chain]]> https://safeguard.sh/resources/blog/terraform-provider-verification-guide https://safeguard.sh/resources/blog/terraform-provider-verification-guide Sat, 12 Aug 2023 10:00:00 GMT Infrastructure Security hi@safeguard.sh (Alex) <![CDATA[Kubernetes 1.27 Security Highlights]]> https://safeguard.sh/resources/blog/kubernetes-1-27-security-highlights https://safeguard.sh/resources/blog/kubernetes-1-27-security-highlights Fri, 11 Aug 2023 12:00:00 GMT Container Security hi@safeguard.sh (Nayan Dey) <![CDATA[npm Lockfile v3 Security Improvements]]> https://safeguard.sh/resources/blog/npm-lockfile-v3-security-improvements https://safeguard.sh/resources/blog/npm-lockfile-v3-security-improvements Thu, 10 Aug 2023 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[LLM Prompt Injection: The New Supply Chain Attack Vector]]> https://safeguard.sh/resources/blog/llm-prompt-injection-supply-chain-risk https://safeguard.sh/resources/blog/llm-prompt-injection-supply-chain-risk Thu, 10 Aug 2023 10:00:00 GMT AI Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Internal Package Naming Best Practices to Prevent Dependency Confusion]]> https://safeguard.sh/resources/blog/internal-package-naming-best-practices https://safeguard.sh/resources/blog/internal-package-naming-best-practices Tue, 08 Aug 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Ivanti EPMM Zero-Day CVE-2023-35078: Norwegian Government Breach]]> https://safeguard.sh/resources/blog/ivanti-epmm-cve-2023-35078-zero-day https://safeguard.sh/resources/blog/ivanti-epmm-cve-2023-35078-zero-day Tue, 08 Aug 2023 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Bob) <![CDATA[The Hidden Risk of Abandoned Open Source Projects]]> https://safeguard.sh/resources/blog/abandoned-open-source-project-risks https://safeguard.sh/resources/blog/abandoned-open-source-project-risks Tue, 08 Aug 2023 00:00:00 GMT Open Source Security hi@safeguard.sh (Bob) <![CDATA[How to Generate SBOMs From Maven Projects]]> https://safeguard.sh/resources/blog/how-to-generate-sboms-from-maven-projects-cli https://safeguard.sh/resources/blog/how-to-generate-sboms-from-maven-projects-cli Sat, 05 Aug 2023 12:00:00 GMT SBOM & Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Game Day Exercises for Supply Chain Incidents: Practicing Before the Real Thing]]> https://safeguard.sh/resources/blog/game-day-exercises-supply-chain https://safeguard.sh/resources/blog/game-day-exercises-supply-chain Sat, 05 Aug 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (Alex) <![CDATA[Template Injection (SSTI) Prevention Guide]]> https://safeguard.sh/resources/blog/template-injection-ssti-prevention https://safeguard.sh/resources/blog/template-injection-ssti-prevention Sat, 05 Aug 2023 10:00:00 GMT Application Security hi@safeguard.sh (Bob) <![CDATA[OSV Schema: The Open Source Vulnerability Database Format Explained]]> https://safeguard.sh/resources/blog/osv-schema-vulnerability-database-format https://safeguard.sh/resources/blog/osv-schema-vulnerability-database-format Sat, 05 Aug 2023 09:00:00 GMT Vulnerability Management hi@safeguard.sh (Bob) <![CDATA[Pharmaceutical Software Validation and Supply Chain Security]]> https://safeguard.sh/resources/blog/pharmaceutical-software-validation-supply-chain https://safeguard.sh/resources/blog/pharmaceutical-software-validation-supply-chain Sat, 05 Aug 2023 09:00:00 GMT Industry Guides hi@safeguard.sh (Bob) <![CDATA[npm Tightens Unpublish Rules: What It Means for Supply Chain Security]]> https://safeguard.sh/resources/blog/npm-unpublish-policy-changes-2023 https://safeguard.sh/resources/blog/npm-unpublish-policy-changes-2023 Tue, 01 Aug 2023 10:00:00 GMT Open Source Security hi@safeguard.sh (James) <![CDATA[Kotlin detekt Security Rules: Catching Vulnerabilities in Kotlin Code]]> https://safeguard.sh/resources/blog/kotlin-detekt-security-rules https://safeguard.sh/resources/blog/kotlin-detekt-security-rules Fri, 28 Jul 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Open Source Vulnerability Rewards: Can Bug Bounties Save Open Source?]]> https://safeguard.sh/resources/blog/oss-vulnerability-rewards-programs https://safeguard.sh/resources/blog/oss-vulnerability-rewards-programs Fri, 28 Jul 2023 10:00:00 GMT Open Source Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Distroless Container Images: Stripping the Attack Surface to Nothing]]> https://safeguard.sh/resources/blog/distroless-container-images-security https://safeguard.sh/resources/blog/distroless-container-images-security Fri, 28 Jul 2023 00:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[Zenbleed: AMD CPU Vulnerability Leaks Data Across Processes (CVE-2023-20593)]]> https://safeguard.sh/resources/blog/zenbleed-amd-cpu-vulnerability-cve-2023-20593 https://safeguard.sh/resources/blog/zenbleed-amd-cpu-vulnerability-cve-2023-20593 Mon, 24 Jul 2023 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Golang Module Security and Verification]]> https://safeguard.sh/resources/blog/golang-module-security-verification https://safeguard.sh/resources/blog/golang-module-security-verification Sat, 22 Jul 2023 10:00:00 GMT Dependency Security hi@safeguard.sh (James) <![CDATA[Security Challenges in Polyglot Repositories]]> https://safeguard.sh/resources/blog/polyglot-repository-security-challenges https://safeguard.sh/resources/blog/polyglot-repository-security-challenges Sat, 22 Jul 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (Yukti Singhal) <![CDATA[Python Wheel Security Verification: What You Are Missing]]> https://safeguard.sh/resources/blog/python-wheel-security-verification https://safeguard.sh/resources/blog/python-wheel-security-verification Sat, 22 Jul 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (James) <![CDATA[Automated Security Testing in CI/CD Pipelines]]> https://safeguard.sh/resources/blog/automated-security-testing-in-ci-cd https://safeguard.sh/resources/blog/automated-security-testing-in-ci-cd Sat, 22 Jul 2023 08:00:00 GMT How-To Guide hi@safeguard.sh (Bob) <![CDATA[IAST Explained: Why Instrumented Security Testing Catches What Others Miss]]> https://safeguard.sh/resources/blog/interactive-application-security-testing https://safeguard.sh/resources/blog/interactive-application-security-testing Sat, 22 Jul 2023 00:00:00 GMT Application Security hi@safeguard.sh (James) <![CDATA[Reproducible Builds in the Go Ecosystem]]> https://safeguard.sh/resources/blog/reproducible-builds-go-ecosystem-2023 https://safeguard.sh/resources/blog/reproducible-builds-go-ecosystem-2023 Thu, 20 Jul 2023 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Aqua Security Platform Review: Cloud Native Security Done Right]]> https://safeguard.sh/resources/blog/aqua-security-platform-review-2023 https://safeguard.sh/resources/blog/aqua-security-platform-review-2023 Thu, 20 Jul 2023 00:00:00 GMT Tool Reviews hi@safeguard.sh (Michael) <![CDATA[CI/CD Secret Sprawl: How Pipeline Credentials Become Your Biggest Risk]]> https://safeguard.sh/resources/blog/ci-cd-secret-sprawl-management https://safeguard.sh/resources/blog/ci-cd-secret-sprawl-management Thu, 20 Jul 2023 00:00:00 GMT DevSecOps hi@safeguard.sh (Bob) <![CDATA[How to Structure an SBOM Review Process]]> https://safeguard.sh/resources/blog/how-to-structure-an-sbom-review-process https://safeguard.sh/resources/blog/how-to-structure-an-sbom-review-process Tue, 18 Jul 2023 12:00:00 GMT SBOM & Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[WebAssembly Security: New Capabilities, New Supply Chain Questions]]> https://safeguard.sh/resources/blog/wasm-webassembly-security-considerations https://safeguard.sh/resources/blog/wasm-webassembly-security-considerations Tue, 18 Jul 2023 12:00:00 GMT Emerging Technology hi@safeguard.sh (Yukti Singhal) <![CDATA[Citrix NetScaler Zero-Day CVE-2023-3519: Mass Exploitation in the Wild]]> https://safeguard.sh/resources/blog/citrix-netscaler-cve-2023-3519-zero-day https://safeguard.sh/resources/blog/citrix-netscaler-cve-2023-3519-zero-day Tue, 18 Jul 2023 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Supply Chain Risk Scoring Algorithms: How They Work and Where They Fail]]> https://safeguard.sh/resources/blog/supply-chain-risk-scoring-algorithms https://safeguard.sh/resources/blog/supply-chain-risk-scoring-algorithms Tue, 18 Jul 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Shadab Khan) <![CDATA[Aerospace and Defense Software Supply Chain Security]]> https://safeguard.sh/resources/blog/aerospace-defense-software-supply-chain https://safeguard.sh/resources/blog/aerospace-defense-software-supply-chain Tue, 18 Jul 2023 09:00:00 GMT Industry Guides hi@safeguard.sh (Bob) <![CDATA[Security Debt: Tracking and Remediation Strategies]]> https://safeguard.sh/resources/blog/security-debt-tracking-remediation https://safeguard.sh/resources/blog/security-debt-tracking-remediation Tue, 18 Jul 2023 00:00:00 GMT Risk Management hi@safeguard.sh (Shadab Khan) <![CDATA[Svelte and SvelteKit Security Best Practices for Production Apps]]> https://safeguard.sh/resources/blog/svelte-sveltekit-security-best-practices https://safeguard.sh/resources/blog/svelte-sveltekit-security-best-practices Tue, 18 Jul 2023 00:00:00 GMT Developer Security hi@safeguard.sh (James) <![CDATA[ITAR and EAR Export Controls: What Software Teams Need to Know]]> https://safeguard.sh/resources/blog/itar-ear-export-control-software https://safeguard.sh/resources/blog/itar-ear-export-control-software Sat, 15 Jul 2023 09:00:00 GMT Compliance hi@safeguard.sh (James) <![CDATA[The Economics of Vulnerability Bounties: Who Wins and Who Loses]]> https://safeguard.sh/resources/blog/vulnerability-bounty-economics-analysis https://safeguard.sh/resources/blog/vulnerability-bounty-economics-analysis Sat, 15 Jul 2023 00:00:00 GMT Industry Analysis hi@safeguard.sh (James) <![CDATA[Zimbra Collaboration CVE-2023-37580: XSS Zero-Day Exploited by Four Nation-State Groups]]> https://safeguard.sh/resources/blog/zimbra-collaboration-cve-2023-37580-xss https://safeguard.sh/resources/blog/zimbra-collaboration-cve-2023-37580-xss Thu, 13 Jul 2023 11:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Alex) <![CDATA[JumpCloud Supply Chain Attack: North Korea's Lazarus Group Strikes Again]]> https://safeguard.sh/resources/blog/jumpcloud-supply-chain-attack-north-korea https://safeguard.sh/resources/blog/jumpcloud-supply-chain-attack-north-korea Wed, 12 Jul 2023 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Yukti Singhal) <![CDATA[Load Balancer Security Considerations for Modern Architectures]]> https://safeguard.sh/resources/blog/load-balancer-security-considerations https://safeguard.sh/resources/blog/load-balancer-security-considerations Wed, 12 Jul 2023 10:00:00 GMT Infrastructure Security hi@safeguard.sh (Bob) <![CDATA[Rate Limiting in Package Registries: Balancing Security and Developer Experience]]> https://safeguard.sh/resources/blog/rate-limiting-package-registries https://safeguard.sh/resources/blog/rate-limiting-package-registries Wed, 12 Jul 2023 10:00:00 GMT Infrastructure Security hi@safeguard.sh (Nayan Dey) <![CDATA[Vulnerability Chaining: Real-World Examples and Defense Strategies]]> https://safeguard.sh/resources/blog/vulnerability-chaining-real-world-examples https://safeguard.sh/resources/blog/vulnerability-chaining-real-world-examples Wed, 12 Jul 2023 08:00:00 GMT Vulnerability Management hi@safeguard.sh (Michael) <![CDATA[Stripe's Dependency Security Practices]]> https://safeguard.sh/resources/blog/stripe-dependency-security-practices https://safeguard.sh/resources/blog/stripe-dependency-security-practices Wed, 12 Jul 2023 00:00:00 GMT Case Studies hi@safeguard.sh (Yukti Singhal) <![CDATA[Digital Twins and Supply Chain Security: Securing the Virtual Mirror]]> https://safeguard.sh/resources/blog/digital-twin-security-supply-chain https://safeguard.sh/resources/blog/digital-twin-security-supply-chain Mon, 10 Jul 2023 11:00:00 GMT Emerging Technology hi@safeguard.sh (Nayan Dey) <![CDATA[Cloud-Native SBOM Generation Strategies That Actually Work]]> https://safeguard.sh/resources/blog/cloud-native-sbom-generation-strategies https://safeguard.sh/resources/blog/cloud-native-sbom-generation-strategies Mon, 10 Jul 2023 10:00:00 GMT Software Supply Chain hi@safeguard.sh (James) <![CDATA[Nonprofit Organization Cybersecurity: A Practical Guide]]> https://safeguard.sh/resources/blog/nonprofit-organization-cybersecurity-guide https://safeguard.sh/resources/blog/nonprofit-organization-cybersecurity-guide Sat, 08 Jul 2023 11:00:00 GMT Industry Guides hi@safeguard.sh (Shadab Khan) <![CDATA[SSH Key Management for Organizations: Beyond the Basics]]> https://safeguard.sh/resources/blog/ssh-key-management-organizations https://safeguard.sh/resources/blog/ssh-key-management-organizations Sat, 08 Jul 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (Bob) <![CDATA[CircleCI Security Configuration Guide]]> https://safeguard.sh/resources/blog/circleci-security-configuration-guide https://safeguard.sh/resources/blog/circleci-security-configuration-guide Sat, 08 Jul 2023 00:00:00 GMT DevSecOps hi@safeguard.sh (James) <![CDATA[GitHub Advanced Security: CodeQL, Dependabot, and Secret Scanning in Practice]]> https://safeguard.sh/resources/blog/github-advanced-security-review https://safeguard.sh/resources/blog/github-advanced-security-review Sat, 08 Jul 2023 00:00:00 GMT Tool Reviews hi@safeguard.sh (James) <![CDATA[Clop Ransomware and the MOVEit Campaign: Mass Exploitation at Scale]]> https://safeguard.sh/resources/blog/clop-ransomware-moveit-campaign-analysis https://safeguard.sh/resources/blog/clop-ransomware-moveit-campaign-analysis Wed, 05 Jul 2023 10:00:00 GMT Ransomware hi@safeguard.sh (Michael) <![CDATA[Electron ContextBridge Security: Building Safe Desktop Apps]]> https://safeguard.sh/resources/blog/electron-contextbridge-security https://safeguard.sh/resources/blog/electron-contextbridge-security Wed, 05 Jul 2023 10:00:00 GMT Application Security hi@safeguard.sh (Shadab Khan) <![CDATA[NuGet Package Tampering Detection: Securing the .NET Supply Chain]]> https://safeguard.sh/resources/blog/nuget-package-tampering-detection https://safeguard.sh/resources/blog/nuget-package-tampering-detection Wed, 05 Jul 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (James) <![CDATA[Starjacking Attacks on Package Registries: Exploiting Repository Trust]]> https://safeguard.sh/resources/blog/starjacking-attacks-package-registries https://safeguard.sh/resources/blog/starjacking-attacks-package-registries Wed, 05 Jul 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Bob) <![CDATA[Domain Squatting and Package Registry Attacks]]> https://safeguard.sh/resources/blog/domain-squatting-package-registries https://safeguard.sh/resources/blog/domain-squatting-package-registries Wed, 05 Jul 2023 00:00:00 GMT Supply Chain Security hi@safeguard.sh (Michael) <![CDATA[Kotlin Gradle Dependency Verification]]> https://safeguard.sh/resources/blog/kotlin-gradle-dependency-verification https://safeguard.sh/resources/blog/kotlin-gradle-dependency-verification Fri, 30 Jun 2023 10:00:00 GMT Dependency Security hi@safeguard.sh (Shadab Khan) <![CDATA[Automated SBOM Drift Detection: When Your Bill of Materials Goes Stale]]> https://safeguard.sh/resources/blog/automated-sbom-drift-detection https://safeguard.sh/resources/blog/automated-sbom-drift-detection Wed, 28 Jun 2023 09:00:00 GMT SBOM hi@safeguard.sh (Bob) <![CDATA[Harness CI/CD Security Features]]> https://safeguard.sh/resources/blog/harness-ci-cd-security-features https://safeguard.sh/resources/blog/harness-ci-cd-security-features Wed, 28 Jun 2023 00:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[MOVEit Vulnerability Mass Exploitation: A Field Analysis]]> https://safeguard.sh/resources/blog/moveit-vulnerability-mass-exploitation-analysis https://safeguard.sh/resources/blog/moveit-vulnerability-mass-exploitation-analysis Sun, 25 Jun 2023 12:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Runtime Application Self-Protection (RASP): A Practical Guide]]> https://safeguard.sh/resources/blog/runtime-application-self-protection-rasp-guide https://safeguard.sh/resources/blog/runtime-application-self-protection-rasp-guide Sun, 25 Jun 2023 10:00:00 GMT Application Security hi@safeguard.sh (Nayan Dey) <![CDATA[Microsegmentation for Software Supply Chain Security]]> https://safeguard.sh/resources/blog/microsegmentation-supply-chain-security https://safeguard.sh/resources/blog/microsegmentation-supply-chain-security Sun, 25 Jun 2023 00:00:00 GMT Security Architecture hi@safeguard.sh (Nayan Dey) <![CDATA[Automotive Cybersecurity: UNECE WP.29 and Software Supply Chain Security]]> https://safeguard.sh/resources/blog/automotive-cybersecurity-unece-wp29 https://safeguard.sh/resources/blog/automotive-cybersecurity-unece-wp29 Thu, 22 Jun 2023 10:00:00 GMT Industry Guides hi@safeguard.sh (Yukti Singhal) <![CDATA[Microsoft Teams Vulnerability: External Tenant Attacks and the Collaboration Security Gap]]> https://safeguard.sh/resources/blog/microsoft-teams-vulnerability-giftofspeed https://safeguard.sh/resources/blog/microsoft-teams-vulnerability-giftofspeed Thu, 22 Jun 2023 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Bob) <![CDATA[SpotBugs Security Detectors for Java: A Practical Guide]]> https://safeguard.sh/resources/blog/spotbugs-security-detectors-java https://safeguard.sh/resources/blog/spotbugs-security-detectors-java Thu, 22 Jun 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (Alex) <![CDATA[CycloneDX v1.5: New Features and What They Mean for Your SBOM Program]]> https://safeguard.sh/resources/blog/cyclonedx-v1-5-new-features-guide https://safeguard.sh/resources/blog/cyclonedx-v1-5-new-features-guide Tue, 20 Jun 2023 14:00:00 GMT SBOM Standards hi@safeguard.sh (Nayan Dey) <![CDATA[Quantum Computing and the Coming Cryptography Crisis in Supply Chains]]> https://safeguard.sh/resources/blog/quantum-computing-cryptography-supply-chain https://safeguard.sh/resources/blog/quantum-computing-cryptography-supply-chain Tue, 20 Jun 2023 11:00:00 GMT Emerging Technology hi@safeguard.sh (Shadab Khan) <![CDATA[Progress MOVEit: Second Critical Vulnerability Discovered Amid Breach Fallout]]> https://safeguard.sh/resources/blog/progress-moveit-second-vulnerability-discovered https://safeguard.sh/resources/blog/progress-moveit-second-vulnerability-discovered Tue, 20 Jun 2023 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Yukti Singhal) <![CDATA[Flask Application Security: A Deep Dive]]> https://safeguard.sh/resources/blog/flask-application-security-deep-dive-2023 https://safeguard.sh/resources/blog/flask-application-security-deep-dive-2023 Sun, 18 Jun 2023 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Server-Side Request Forgery (SSRF): The Vulnerability That Unlocks Cloud Metadata]]> https://safeguard.sh/resources/blog/server-side-request-forgery-ssrf-guide https://safeguard.sh/resources/blog/server-side-request-forgery-ssrf-guide Sun, 18 Jun 2023 00:00:00 GMT Code Security hi@safeguard.sh (Shadab Khan) <![CDATA[Barracuda ESG Zero-Day CVE-2023-2868: When Patching Isn't Enough]]> https://safeguard.sh/resources/blog/barracuda-esg-zero-day-cve-2023-2868 https://safeguard.sh/resources/blog/barracuda-esg-zero-day-cve-2023-2868 Thu, 15 Jun 2023 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Security Maturity Benchmarking: How to Measure Against Your Peers]]> https://safeguard.sh/resources/blog/security-maturity-benchmarking-peers https://safeguard.sh/resources/blog/security-maturity-benchmarking-peers Thu, 15 Jun 2023 09:00:00 GMT Security Strategy hi@safeguard.sh (James) <![CDATA[DNS Security and Software Distribution: The Foundation Nobody Secures]]> https://safeguard.sh/resources/blog/dns-security-software-distribution https://safeguard.sh/resources/blog/dns-security-software-distribution Thu, 15 Jun 2023 00:00:00 GMT Infrastructure Security hi@safeguard.sh (Alex) <![CDATA[SBOMs for Mobile Applications: iOS and Android]]> https://safeguard.sh/resources/blog/sbom-for-mobile-applications-ios-android https://safeguard.sh/resources/blog/sbom-for-mobile-applications-ios-android Thu, 15 Jun 2023 00:00:00 GMT SBOM hi@safeguard.sh (James) <![CDATA[Snyk vs Dependabot: A Head-to-Head Comparison]]> https://safeguard.sh/resources/blog/snyk-vs-dependabot-head-to-head-2023 https://safeguard.sh/resources/blog/snyk-vs-dependabot-head-to-head-2023 Wed, 14 Jun 2023 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Container Base Image Selection: A Security-First Decision Framework]]> https://safeguard.sh/resources/blog/container-base-image-selection-guide https://safeguard.sh/resources/blog/container-base-image-selection-guide Mon, 12 Jun 2023 10:00:00 GMT Container Security hi@safeguard.sh (James) <![CDATA[FortiGate CVE-2023-27997: Critical Heap Overflow in SSL VPN]]> https://safeguard.sh/resources/blog/fortinet-fortigate-cve-2023-27997-heap-overflow https://safeguard.sh/resources/blog/fortinet-fortigate-cve-2023-27997-heap-overflow Mon, 12 Jun 2023 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[JetBrains Plugin Security Verification: Protecting Your IDE]]> https://safeguard.sh/resources/blog/jetbrains-plugin-security-verification https://safeguard.sh/resources/blog/jetbrains-plugin-security-verification Mon, 12 Jun 2023 10:00:00 GMT Developer Security hi@safeguard.sh (Yukti Singhal) <![CDATA[JFrog Xray: Vulnerability Scanning Built Into Your Artifact Pipeline]]> https://safeguard.sh/resources/blog/jfrog-xray-vulnerability-scanning https://safeguard.sh/resources/blog/jfrog-xray-vulnerability-scanning Mon, 12 Jun 2023 00:00:00 GMT Tool Reviews hi@safeguard.sh (Yukti Singhal) <![CDATA[MOVEit Breach Impact Assessment: The Cl0p Campaign's Fallout]]> https://safeguard.sh/resources/blog/moveit-breach-impact-assessment-cl0p https://safeguard.sh/resources/blog/moveit-breach-impact-assessment-cl0p Sat, 10 Jun 2023 10:00:00 GMT Incident Response hi@safeguard.sh (Alex) <![CDATA[SWIFT CSCF: Software Security Requirements for Financial Messaging]]> https://safeguard.sh/resources/blog/swift-cscf-software-security-requirements https://safeguard.sh/resources/blog/swift-cscf-software-security-requirements Sat, 10 Jun 2023 10:00:00 GMT Compliance hi@safeguard.sh (Michael) <![CDATA[Spotify's Dependency Management at Scale]]> https://safeguard.sh/resources/blog/spotify-dependency-management-at-scale https://safeguard.sh/resources/blog/spotify-dependency-management-at-scale Sat, 10 Jun 2023 00:00:00 GMT Case Studies hi@safeguard.sh (Bob) <![CDATA[Vendor Lock-In in Security Tooling: The Hidden Cost of Integration]]> https://safeguard.sh/resources/blog/vendor-lock-in-security-tooling https://safeguard.sh/resources/blog/vendor-lock-in-security-tooling Thu, 08 Jun 2023 10:00:00 GMT Security Strategy hi@safeguard.sh (Shadab Khan) <![CDATA[Anchore Syft: The Go-To Open Source SBOM Generator]]> https://safeguard.sh/resources/blog/anchore-syft-sbom-generation-review https://safeguard.sh/resources/blog/anchore-syft-sbom-generation-review Thu, 08 Jun 2023 00:00:00 GMT Tool Reviews hi@safeguard.sh (James) <![CDATA[CISSP, CEH, OSCP: How Security Certifications Address Supply Chain Risks]]> https://safeguard.sh/resources/blog/cissp-ceh-oscp-supply-chain-certifications https://safeguard.sh/resources/blog/cissp-ceh-oscp-supply-chain-certifications Thu, 08 Jun 2023 00:00:00 GMT Career Development hi@safeguard.sh (Alex) <![CDATA[Authentication Bypass: Common Patterns Attackers Exploit]]> https://safeguard.sh/resources/blog/authentication-bypass-common-patterns https://safeguard.sh/resources/blog/authentication-bypass-common-patterns Mon, 05 Jun 2023 10:00:00 GMT Web Security hi@safeguard.sh (Nayan Dey) <![CDATA[EU Cyber Resilience Act: Impact on Software Developers and Open Source]]> https://safeguard.sh/resources/blog/eu-cyber-resilience-act-impact-on-developers https://safeguard.sh/resources/blog/eu-cyber-resilience-act-impact-on-developers Mon, 05 Jun 2023 10:00:00 GMT Compliance & Regulations hi@safeguard.sh (Alex) <![CDATA[WireGuard for Development Infrastructure: Fast, Simple, and Secure Tunneling]]> https://safeguard.sh/resources/blog/wireguard-development-infrastructure https://safeguard.sh/resources/blog/wireguard-development-infrastructure Mon, 05 Jun 2023 10:00:00 GMT Network Security hi@safeguard.sh (Shadab Khan) <![CDATA[ChatGPT Plugins and the New Plugin Supply Chain Attack Surface]]> https://safeguard.sh/resources/blog/chatgpt-plugins-supply-chain-risks https://safeguard.sh/resources/blog/chatgpt-plugins-supply-chain-risks Mon, 05 Jun 2023 09:00:00 GMT AI Security hi@safeguard.sh (Bob) <![CDATA[npm Install Script Security: The Code That Runs Before Your Code]]> https://safeguard.sh/resources/blog/npm-install-script-security https://safeguard.sh/resources/blog/npm-install-script-security Fri, 02 Jun 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Shadab Khan) <![CDATA[MOVEit Transfer CVE-2023-34362: The Zero-Day That Hit Thousands]]> https://safeguard.sh/resources/blog/moveit-transfer-cve-2023-34362-analysis https://safeguard.sh/resources/blog/moveit-transfer-cve-2023-34362-analysis Thu, 01 Jun 2023 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Securing Your Private Package Registry]]> https://safeguard.sh/resources/blog/private-package-registry-security https://safeguard.sh/resources/blog/private-package-registry-security Tue, 30 May 2023 11:00:00 GMT How-To Guide hi@safeguard.sh (Shadab Khan) <![CDATA[The Security Implications of Package Bundlers]]> https://safeguard.sh/resources/blog/security-implications-package-bundlers https://safeguard.sh/resources/blog/security-implications-package-bundlers Sun, 28 May 2023 09:00:00 GMT AppSec hi@safeguard.sh (Yukti Singhal) <![CDATA[Legal Tech Software Security and Compliance Considerations]]> https://safeguard.sh/resources/blog/legal-tech-software-security-compliance https://safeguard.sh/resources/blog/legal-tech-software-security-compliance Thu, 25 May 2023 10:00:00 GMT Industry Guides hi@safeguard.sh (Michael) <![CDATA[TLS Library Comparison: OpenSSL vs BoringSSL vs LibreSSL vs rustls]]> https://safeguard.sh/resources/blog/tls-library-comparison-openssl-boringssl https://safeguard.sh/resources/blog/tls-library-comparison-openssl-boringssl Thu, 25 May 2023 10:00:00 GMT Application Security hi@safeguard.sh (Nayan Dey) <![CDATA[HIPAA and Software Supply Chain Compliance for Health Tech]]> https://safeguard.sh/resources/blog/hipaa-software-supply-chain-compliance https://safeguard.sh/resources/blog/hipaa-software-supply-chain-compliance Thu, 25 May 2023 08:00:00 GMT Compliance hi@safeguard.sh (Michael) <![CDATA[Developer-Focused Security Awareness for Supply Chain]]> https://safeguard.sh/resources/blog/security-awareness-training-developer-focused-supply-chain https://safeguard.sh/resources/blog/security-awareness-training-developer-focused-supply-chain Mon, 22 May 2023 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[SBOM Validation and Quality Checks: Ensuring Your SBOMs Are Actually Useful]]> https://safeguard.sh/resources/blog/sbom-validation-quality-checks https://safeguard.sh/resources/blog/sbom-validation-quality-checks Mon, 22 May 2023 00:00:00 GMT SBOM hi@safeguard.sh (Shadab Khan) <![CDATA[GCP Binary Authorization: Enforcing Container Trust at Deploy Time]]> https://safeguard.sh/resources/blog/gcp-binary-authorization-guide https://safeguard.sh/resources/blog/gcp-binary-authorization-guide Sat, 20 May 2023 10:00:00 GMT Cloud Security hi@safeguard.sh (Nayan Dey) <![CDATA[Open Source Malware Detection Techniques for Package Registries]]> https://safeguard.sh/resources/blog/open-source-malware-detection-techniques https://safeguard.sh/resources/blog/open-source-malware-detection-techniques Sat, 20 May 2023 10:00:00 GMT Open Source Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Swift Security Analysis Tools: The Current Landscape]]> https://safeguard.sh/resources/blog/swift-security-analysis-tools https://safeguard.sh/resources/blog/swift-security-analysis-tools Sat, 20 May 2023 10:00:00 GMT Secure Development hi@safeguard.sh (Yukti Singhal) <![CDATA[Inside the Apache Foundation's Security Practices]]> https://safeguard.sh/resources/blog/apache-foundation-security-practices https://safeguard.sh/resources/blog/apache-foundation-security-practices Sat, 20 May 2023 00:00:00 GMT Open Source Security hi@safeguard.sh (Bob) <![CDATA[Serverless Security: Supply Chain Risks in Lambda, Cloud Functions, and Azure Functions]]> https://safeguard.sh/resources/blog/serverless-security-supply-chain-risks https://safeguard.sh/resources/blog/serverless-security-supply-chain-risks Thu, 18 May 2023 09:00:00 GMT Cloud Security hi@safeguard.sh (Bob) <![CDATA[NIST SSDF v1.1: Practical Adoption Notes]]> https://safeguard.sh/resources/blog/nist-ssdf-v1-1-practical-adoption https://safeguard.sh/resources/blog/nist-ssdf-v1-1-practical-adoption Mon, 15 May 2023 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Django Security and Supply Chain Guide]]> https://safeguard.sh/resources/blog/django-security-supply-chain-guide https://safeguard.sh/resources/blog/django-security-supply-chain-guide Mon, 15 May 2023 10:00:00 GMT Application Security hi@safeguard.sh (Nayan Dey) <![CDATA[Double Extortion Ransomware: How Data Theft Changed the Game]]> https://safeguard.sh/resources/blog/double-extortion-ransomware-evolution https://safeguard.sh/resources/blog/double-extortion-ransomware-evolution Mon, 15 May 2023 10:00:00 GMT Ransomware hi@safeguard.sh (Michael) <![CDATA[Google Assured Open Source Software: Curated Security for Enterprise Dependencies]]> https://safeguard.sh/resources/blog/google-assured-open-source-software-service https://safeguard.sh/resources/blog/google-assured-open-source-software-service Mon, 15 May 2023 10:00:00 GMT Tools & Platforms hi@safeguard.sh (Michael) <![CDATA[Low-Code/No-Code Platforms: The Shadow Supply Chain in Your Organization]]> https://safeguard.sh/resources/blog/low-code-no-code-platform-security-risks https://safeguard.sh/resources/blog/low-code-no-code-platform-security-risks Mon, 15 May 2023 10:00:00 GMT Industry Trends hi@safeguard.sh (James) <![CDATA[Malware Analysis Techniques for Suspicious npm Packages]]> https://safeguard.sh/resources/blog/malware-analysis-npm-packages-techniques https://safeguard.sh/resources/blog/malware-analysis-npm-packages-techniques Mon, 15 May 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Artifactory Security Best Practices for Enterprise Teams]]> https://safeguard.sh/resources/blog/artifactory-security-best-practices https://safeguard.sh/resources/blog/artifactory-security-best-practices Fri, 12 May 2023 10:00:00 GMT Infrastructure Security hi@safeguard.sh (Shadab Khan) <![CDATA[Subresource Integrity Failures: When CDN Trust Goes Wrong]]> https://safeguard.sh/resources/blog/subresource-integrity-failures-guide https://safeguard.sh/resources/blog/subresource-integrity-failures-guide Fri, 12 May 2023 10:00:00 GMT Application Security hi@safeguard.sh (Michael) <![CDATA[Container Vulnerability Scanning: Comparing the Top Tools in 2023]]> https://safeguard.sh/resources/blog/container-vulnerability-scanning-comparison https://safeguard.sh/resources/blog/container-vulnerability-scanning-comparison Wed, 10 May 2023 10:00:00 GMT Container Security hi@safeguard.sh (Bob) <![CDATA[SBOM Requirements for Financial Services: What You Need to Know]]> https://safeguard.sh/resources/blog/sbom-requirements-financial-services https://safeguard.sh/resources/blog/sbom-requirements-financial-services Wed, 10 May 2023 10:00:00 GMT Industry Guides hi@safeguard.sh (Yukti Singhal) <![CDATA[Elixir and Hex Package Security: Protecting the BEAM Ecosystem]]> https://safeguard.sh/resources/blog/elixir-hex-package-security https://safeguard.sh/resources/blog/elixir-hex-package-security Wed, 10 May 2023 00:00:00 GMT Developer Security hi@safeguard.sh (Michael) <![CDATA[Snyk vs Sonatype: A Head-to-Head SCA Comparison]]> https://safeguard.sh/resources/blog/snyk-vs-sonatype-comparison-2023 https://safeguard.sh/resources/blog/snyk-vs-sonatype-comparison-2023 Wed, 10 May 2023 00:00:00 GMT Tool Comparisons hi@safeguard.sh (Yukti Singhal) <![CDATA[Environment Variable Injection in CI/CD Pipelines]]> https://safeguard.sh/resources/blog/environment-variable-injection-ci-cd https://safeguard.sh/resources/blog/environment-variable-injection-ci-cd Mon, 08 May 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (Yukti Singhal) <![CDATA[SBOMs for SaaS Products: What Customers Are Starting to Demand]]> https://safeguard.sh/resources/blog/sbom-for-saas-products https://safeguard.sh/resources/blog/sbom-for-saas-products Mon, 08 May 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Michael) <![CDATA[How Google Secures Its Software Supply Chain]]> https://safeguard.sh/resources/blog/how-google-secures-software-supply-chain https://safeguard.sh/resources/blog/how-google-secures-software-supply-chain Mon, 08 May 2023 00:00:00 GMT Case Studies hi@safeguard.sh (Nayan Dey) <![CDATA[MSI Breach: Intel Boot Guard Keys Leaked After Ransomware Attack]]> https://safeguard.sh/resources/blog/msi-breach-intel-boot-guard-keys-leaked https://safeguard.sh/resources/blog/msi-breach-intel-boot-guard-keys-leaked Fri, 05 May 2023 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Yukti Singhal) <![CDATA[Business Logic Vulnerabilities: The Flaws Scanners Cannot Find]]> https://safeguard.sh/resources/blog/business-logic-vulnerabilities-guide https://safeguard.sh/resources/blog/business-logic-vulnerabilities-guide Fri, 05 May 2023 09:00:00 GMT AppSec hi@safeguard.sh (Yukti Singhal) <![CDATA[SLSA v1.0: Supply-chain Levels for Software Artifacts Reaches Maturity]]> https://safeguard.sh/resources/blog/supply-chain-levels-for-software-artifacts-slsa-v1 https://safeguard.sh/resources/blog/supply-chain-levels-for-software-artifacts-slsa-v1 Mon, 01 May 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (Michael) <![CDATA[The Security Implications of Semantic Versioning]]> https://safeguard.sh/resources/blog/semantic-versioning-security-implications https://safeguard.sh/resources/blog/semantic-versioning-security-implications Fri, 28 Apr 2023 09:00:00 GMT Dependency Management hi@safeguard.sh (Yukti Singhal) <![CDATA[CISA KEV Catalog: One Year Analysis of Known Exploited Vulnerabilities]]> https://safeguard.sh/resources/blog/cisa-kev-catalog-one-year-analysis https://safeguard.sh/resources/blog/cisa-kev-catalog-one-year-analysis Tue, 25 Apr 2023 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (James) <![CDATA[Post-Breach Supply Chain Hardening: Lessons from Real Incidents]]> https://safeguard.sh/resources/blog/post-breach-supply-chain-hardening https://safeguard.sh/resources/blog/post-breach-supply-chain-hardening Sat, 22 Apr 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Alex) <![CDATA[CISA Secure by Design Principles: What They Mean for Software Teams]]> https://safeguard.sh/resources/blog/cisa-secure-by-design-principles https://safeguard.sh/resources/blog/cisa-secure-by-design-principles Thu, 20 Apr 2023 10:00:00 GMT Compliance & Regulations hi@safeguard.sh (Michael) <![CDATA[PaperCut CVE-2023-27350: When Print Management Software Becomes a Ransomware Gateway]]> https://safeguard.sh/resources/blog/papercut-cve-2023-27350-rce-exploitation https://safeguard.sh/resources/blog/papercut-cve-2023-27350-rce-exploitation Wed, 19 Apr 2023 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[How to Pin GitHub Actions to SHAs Correctly]]> https://safeguard.sh/resources/blog/how-to-pin-github-actions-to-shas-correctly https://safeguard.sh/resources/blog/how-to-pin-github-actions-to-shas-correctly Tue, 18 Apr 2023 12:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[GitLab CI/CD Security Configuration]]> https://safeguard.sh/resources/blog/gitlab-cicd-security-configuration https://safeguard.sh/resources/blog/gitlab-cicd-security-configuration Tue, 18 Apr 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (Yukti Singhal) <![CDATA[Open Source Intelligence (OSINT) for Supply Chain Security]]> https://safeguard.sh/resources/blog/open-source-intelligence-osint-supply-chain https://safeguard.sh/resources/blog/open-source-intelligence-osint-supply-chain Tue, 18 Apr 2023 00:00:00 GMT Threat Intelligence hi@safeguard.sh (Shadab Khan) <![CDATA[Maven Plugin Verification: Trusting Your Build-Time Dependencies]]> https://safeguard.sh/resources/blog/maven-plugin-verification https://safeguard.sh/resources/blog/maven-plugin-verification Sat, 15 Apr 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Nayan Dey) <![CDATA[npm Manifest Confusion: The Hidden Vulnerability in Every Node.js Project]]> https://safeguard.sh/resources/blog/npm-manifest-confusion-vulnerability https://safeguard.sh/resources/blog/npm-manifest-confusion-vulnerability Sat, 15 Apr 2023 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Bob) <![CDATA[Choosing Between SCA Tools in 2023]]> https://safeguard.sh/resources/blog/choosing-between-sca-tools-2023 https://safeguard.sh/resources/blog/choosing-between-sca-tools-2023 Sat, 15 Apr 2023 09:00:00 GMT Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Black Duck SCA: The Enterprise Stalwart of Open Source Security]]> https://safeguard.sh/resources/blog/black-duck-software-composition-analysis https://safeguard.sh/resources/blog/black-duck-software-composition-analysis Sat, 15 Apr 2023 00:00:00 GMT Tool Reviews hi@safeguard.sh (Bob) <![CDATA[A Taxonomy of Open Source Supply Chain Attacks]]> https://safeguard.sh/resources/blog/open-source-supply-chain-attack-taxonomy https://safeguard.sh/resources/blog/open-source-supply-chain-attack-taxonomy Sat, 15 Apr 2023 00:00:00 GMT Open Source Security hi@safeguard.sh (James) <![CDATA[Software Escrow and Supply Chain Continuity Planning]]> https://safeguard.sh/resources/blog/software-escrow-supply-chain-continuity https://safeguard.sh/resources/blog/software-escrow-supply-chain-continuity Wed, 12 Apr 2023 11:00:00 GMT Risk Management hi@safeguard.sh (James) <![CDATA[Calico Network Policy Best Practices for Production Kubernetes]]> https://safeguard.sh/resources/blog/calico-network-policy-best-practices https://safeguard.sh/resources/blog/calico-network-policy-best-practices Wed, 12 Apr 2023 10:00:00 GMT Kubernetes Security hi@safeguard.sh (Nayan Dey) <![CDATA[The Shared Responsibility Model for Software Supply Chain Security]]> https://safeguard.sh/resources/blog/shared-responsibility-model-supply-chain https://safeguard.sh/resources/blog/shared-responsibility-model-supply-chain Wed, 12 Apr 2023 10:00:00 GMT Risk Management hi@safeguard.sh (Bob) <![CDATA[Software Heritage and the Case for Source Code Preservation]]> https://safeguard.sh/resources/blog/software-heritage-archive-preservation https://safeguard.sh/resources/blog/software-heritage-archive-preservation Sat, 08 Apr 2023 11:00:00 GMT Open Source hi@safeguard.sh (Shadab Khan) <![CDATA[Post-Install Hooks in Package Managers: The Universal Backdoor Mechanism]]> https://safeguard.sh/resources/blog/post-install-hooks-package-managers https://safeguard.sh/resources/blog/post-install-hooks-package-managers Sat, 08 Apr 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Bob) <![CDATA[Software Attestation in Practice: From Theory to Implementation]]> https://safeguard.sh/resources/blog/software-attestation-in-practice https://safeguard.sh/resources/blog/software-attestation-in-practice Sat, 08 Apr 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Measuring Security Program Effectiveness]]> https://safeguard.sh/resources/blog/measuring-security-program-effectiveness https://safeguard.sh/resources/blog/measuring-security-program-effectiveness Sat, 08 Apr 2023 00:00:00 GMT Organizational Security hi@safeguard.sh (Alex) <![CDATA[3CX Desktop App: Anatomy of a Cascading Breach]]> https://safeguard.sh/resources/blog/3cx-desktop-app-cascading-breach https://safeguard.sh/resources/blog/3cx-desktop-app-cascading-breach Wed, 05 Apr 2023 12:00:00 GMT Incident Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Chaos Engineering for Supply Chain Resilience: Breaking Your Build to Make It Stronger]]> https://safeguard.sh/resources/blog/chaos-engineering-supply-chain-resilience https://safeguard.sh/resources/blog/chaos-engineering-supply-chain-resilience Wed, 05 Apr 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (Bob) <![CDATA[Modern Command Injection Prevention: Beyond the Basics]]> https://safeguard.sh/resources/blog/command-injection-prevention-modern https://safeguard.sh/resources/blog/command-injection-prevention-modern Wed, 05 Apr 2023 09:00:00 GMT AppSec hi@safeguard.sh (Nayan Dey) <![CDATA[Running Containers in Rootless Mode: A Practical Security Guide]]> https://safeguard.sh/resources/blog/container-rootless-mode-security-guide https://safeguard.sh/resources/blog/container-rootless-mode-security-guide Wed, 05 Apr 2023 00:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[Startup Security at Growth Stage: Building Enterprise-Grade Programs]]> https://safeguard.sh/resources/blog/startup-security-growth-stage-enterprise https://safeguard.sh/resources/blog/startup-security-growth-stage-enterprise Wed, 05 Apr 2023 00:00:00 GMT Startup Security hi@safeguard.sh (James) <![CDATA[3CX Attack Lessons: What Every Software Vendor Must Do Differently]]> https://safeguard.sh/resources/blog/3cx-attack-lessons-for-software-vendors https://safeguard.sh/resources/blog/3cx-attack-lessons-for-software-vendors Sun, 02 Apr 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (Yukti Singhal) <![CDATA[3CX Supply Chain Attack: A Deep Dive into the North Korean Compromise]]> https://safeguard.sh/resources/blog/3cx-supply-chain-attack-analysis https://safeguard.sh/resources/blog/3cx-supply-chain-attack-analysis Wed, 29 Mar 2023 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Michael) <![CDATA[The March 2023 PyPI Malware Wave]]> https://safeguard.sh/resources/blog/pypi-malware-wave-march-2023 https://safeguard.sh/resources/blog/pypi-malware-wave-march-2023 Tue, 28 Mar 2023 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[FISMA and Federal Software Security: Supply Chain Requirements Explained]]> https://safeguard.sh/resources/blog/fisma-federal-software-security-requirements https://safeguard.sh/resources/blog/fisma-federal-software-security-requirements Tue, 28 Mar 2023 10:00:00 GMT Compliance hi@safeguard.sh (Shadab Khan) <![CDATA[Azure Container Registry Security: Locking Down Your Image Pipeline]]> https://safeguard.sh/resources/blog/azure-container-registry-security https://safeguard.sh/resources/blog/azure-container-registry-security Sat, 25 Mar 2023 10:00:00 GMT Cloud Security hi@safeguard.sh (Alex) <![CDATA[OpenAI ChatGPT Data Breach March 2023: What Was Exposed]]> https://safeguard.sh/resources/blog/openai-chatgpt-data-breach-march-2023 https://safeguard.sh/resources/blog/openai-chatgpt-data-breach-march-2023 Fri, 24 Mar 2023 10:00:00 GMT Incident Response hi@safeguard.sh (Shadab Khan) <![CDATA[Threat Modeling the Software Supply Chain]]> https://safeguard.sh/resources/blog/threat-modeling-software-supply-chain https://safeguard.sh/resources/blog/threat-modeling-software-supply-chain Wed, 22 Mar 2023 11:00:00 GMT Threat Modeling hi@safeguard.sh (Nayan Dey) <![CDATA[GitLab CI Security Scanning Setup]]> https://safeguard.sh/resources/blog/gitlab-ci-security-scanning-setup https://safeguard.sh/resources/blog/gitlab-ci-security-scanning-setup Wed, 22 Mar 2023 00:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[Quantifying Security Debt: Methods That Actually Work]]> https://safeguard.sh/resources/blog/security-debt-quantification-methods https://safeguard.sh/resources/blog/security-debt-quantification-methods Wed, 22 Mar 2023 00:00:00 GMT Security Management hi@safeguard.sh (Shadab Khan) <![CDATA[AI-Generated Code Security Risks: Copilot, ChatGPT, and the New Attack Surface]]> https://safeguard.sh/resources/blog/ai-generated-code-security-risks https://safeguard.sh/resources/blog/ai-generated-code-security-risks Mon, 20 Mar 2023 10:00:00 GMT AI Security hi@safeguard.sh (James) <![CDATA[Cross-Language Dependency Analysis: Bridging npm, pip, Maven, and Beyond]]> https://safeguard.sh/resources/blog/cross-language-dependency-analysis https://safeguard.sh/resources/blog/cross-language-dependency-analysis Sat, 18 Mar 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Michael) <![CDATA[Go Module Checksum Database: How It Secures Your Dependencies]]> https://safeguard.sh/resources/blog/go-module-checksum-database-security https://safeguard.sh/resources/blog/go-module-checksum-database-security Sat, 18 Mar 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Shadab Khan) <![CDATA[Cross-Functional Security Collaboration]]> https://safeguard.sh/resources/blog/cross-functional-security-collaboration https://safeguard.sh/resources/blog/cross-functional-security-collaboration Sat, 18 Mar 2023 00:00:00 GMT Security Culture hi@safeguard.sh (Nayan Dey) <![CDATA[Dynamic Application Security Testing: A Practitioner's Guide to DAST Done Right]]> https://safeguard.sh/resources/blog/dynamic-application-security-testing-guide https://safeguard.sh/resources/blog/dynamic-application-security-testing-guide Sat, 18 Mar 2023 00:00:00 GMT Application Security hi@safeguard.sh (Shadab Khan) <![CDATA[Ruby Brakeman Security Scanner: Rails-Aware Vulnerability Detection]]> https://safeguard.sh/resources/blog/ruby-brakeman-security-scanner https://safeguard.sh/resources/blog/ruby-brakeman-security-scanner Wed, 15 Mar 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (Michael) <![CDATA[Understanding EPSS: Exploit Prediction Scoring System Explained]]> https://safeguard.sh/resources/blog/understanding-epss-exploit-prediction-scoring https://safeguard.sh/resources/blog/understanding-epss-exploit-prediction-scoring Wed, 15 Mar 2023 10:00:00 GMT Vulnerability Management hi@safeguard.sh (Yukti Singhal) <![CDATA[Web3 Smart Contract Dependencies: A Supply Chain Security Blind Spot]]> https://safeguard.sh/resources/blog/web3-smart-contract-supply-chain-security https://safeguard.sh/resources/blog/web3-smart-contract-supply-chain-security Wed, 15 Mar 2023 08:00:00 GMT Emerging Technology hi@safeguard.sh (James) <![CDATA[Chrome Extension Manifest V3: What It Means for Browser Supply Chain Security]]> https://safeguard.sh/resources/blog/chrome-extension-manifest-v3-security https://safeguard.sh/resources/blog/chrome-extension-manifest-v3-security Wed, 15 Mar 2023 00:00:00 GMT Browser Security hi@safeguard.sh (James) <![CDATA[Go Modules Checksum Database: Five Years In]]> https://safeguard.sh/resources/blog/go-modules-checksum-database-five-years-in https://safeguard.sh/resources/blog/go-modules-checksum-database-five-years-in Sun, 12 Mar 2023 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[DDoS Protection for Software Distribution Infrastructure]]> https://safeguard.sh/resources/blog/ddos-protection-software-distribution https://safeguard.sh/resources/blog/ddos-protection-software-distribution Sun, 12 Mar 2023 10:00:00 GMT Infrastructure Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Service Mesh mTLS Configuration: Getting Mutual TLS Right]]> https://safeguard.sh/resources/blog/service-mesh-mtls-configuration https://safeguard.sh/resources/blog/service-mesh-mtls-configuration Sun, 12 Mar 2023 10:00:00 GMT Kubernetes Security hi@safeguard.sh (James) <![CDATA[BuildKit and Buildah: Building Containers Without Giving Away the Keys]]> https://safeguard.sh/resources/blog/buildkit-buildah-secure-container-builds https://safeguard.sh/resources/blog/buildkit-buildah-secure-container-builds Sun, 12 Mar 2023 00:00:00 GMT Container Security hi@safeguard.sh (Nayan Dey) <![CDATA[Security Code Review Best Practices]]> https://safeguard.sh/resources/blog/security-code-review-best-practices https://safeguard.sh/resources/blog/security-code-review-best-practices Fri, 10 Mar 2023 11:00:00 GMT Best Practices hi@safeguard.sh (James) <![CDATA[GitHub Private RSA Key Exposed in Public Repository]]> https://safeguard.sh/resources/blog/github-private-rsa-key-exposed-in-repository https://safeguard.sh/resources/blog/github-private-rsa-key-exposed-in-repository Fri, 10 Mar 2023 10:00:00 GMT Incident Response hi@safeguard.sh (Nayan Dey) <![CDATA[Code Signing Certificates and Software Supply Chain Integrity]]> https://safeguard.sh/resources/blog/code-signing-certificates-supply-chain https://safeguard.sh/resources/blog/code-signing-certificates-supply-chain Wed, 08 Mar 2023 11:00:00 GMT Supply Chain Security hi@safeguard.sh (Nayan Dey) <![CDATA[Fortinet FortiProxy CVE-2023-25610: Buffer Underwrite in Network Security Infrastructure]]> https://safeguard.sh/resources/blog/fortinet-fortiproxy-cve-2023-25610 https://safeguard.sh/resources/blog/fortinet-fortiproxy-cve-2023-25610 Wed, 08 Mar 2023 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Yukti Singhal) <![CDATA[Git Credential Security for Organizations: Locking Down Source Access]]> https://safeguard.sh/resources/blog/git-credential-security-organizations https://safeguard.sh/resources/blog/git-credential-security-organizations Wed, 08 Mar 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (Michael) <![CDATA[Java Maven and Gradle Dependency Security]]> https://safeguard.sh/resources/blog/java-maven-gradle-dependency-security https://safeguard.sh/resources/blog/java-maven-gradle-dependency-security Wed, 08 Mar 2023 10:00:00 GMT Dependency Security hi@safeguard.sh (Shadab Khan) <![CDATA[Email Security and Supply Chain Phishing Attacks]]> https://safeguard.sh/resources/blog/email-security-supply-chain-phishing https://safeguard.sh/resources/blog/email-security-supply-chain-phishing Wed, 08 Mar 2023 00:00:00 GMT Social Engineering hi@safeguard.sh (Alex) <![CDATA[Kubernetes RBAC Security Best Practices for Supply Chain Protection]]> https://safeguard.sh/resources/blog/kubernetes-rbac-security-best-practices https://safeguard.sh/resources/blog/kubernetes-rbac-security-best-practices Sun, 05 Mar 2023 10:00:00 GMT Container Security hi@safeguard.sh (Michael) <![CDATA[Maven Dependency Resolution Attacks: Exploiting Java's Build System]]> https://safeguard.sh/resources/blog/maven-dependency-resolution-attacks https://safeguard.sh/resources/blog/maven-dependency-resolution-attacks Sun, 05 Mar 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Shadab Khan) <![CDATA[PWA Service Worker Attack Surface: What Security Teams Overlook]]> https://safeguard.sh/resources/blog/pwa-service-worker-attack-surface https://safeguard.sh/resources/blog/pwa-service-worker-attack-surface Sun, 05 Mar 2023 10:00:00 GMT Application Security hi@safeguard.sh (Alex) <![CDATA[Automating Typosquatting Detection for Package Registries]]> https://safeguard.sh/resources/blog/typosquatting-detection-automation https://safeguard.sh/resources/blog/typosquatting-detection-automation Sun, 05 Mar 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (James) <![CDATA[Australia's Critical Infrastructure Security Act and Software Supply Chain Risk]]> https://safeguard.sh/resources/blog/australia-critical-infrastructure-security https://safeguard.sh/resources/blog/australia-critical-infrastructure-security Sun, 05 Mar 2023 07:00:00 GMT Compliance hi@safeguard.sh (Bob) <![CDATA[Setting Up Continuous Dependency Monitoring From Scratch]]> https://safeguard.sh/resources/blog/continuous-dependency-monitoring-setup https://safeguard.sh/resources/blog/continuous-dependency-monitoring-setup Tue, 28 Feb 2023 09:00:00 GMT Dependency Management hi@safeguard.sh (Michael) <![CDATA[GitLab Ultimate Security Features: Built-In Security Done Pragmatically]]> https://safeguard.sh/resources/blog/gitlab-ultimate-security-features-review https://safeguard.sh/resources/blog/gitlab-ultimate-security-features-review Tue, 28 Feb 2023 00:00:00 GMT Tool Reviews hi@safeguard.sh (Shadab Khan) <![CDATA[Swift CocoaPods and SPM Security]]> https://safeguard.sh/resources/blog/swift-cocoapods-spm-security https://safeguard.sh/resources/blog/swift-cocoapods-spm-security Sat, 25 Feb 2023 10:00:00 GMT Dependency Security hi@safeguard.sh (Nayan Dey) <![CDATA[Spinnaker Deployment Security]]> https://safeguard.sh/resources/blog/spinnaker-deployment-security https://safeguard.sh/resources/blog/spinnaker-deployment-security Sat, 25 Feb 2023 00:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Securing GCP Artifact Registry: A Complete Guide]]> https://safeguard.sh/resources/blog/gcp-artifact-registry-security-guide https://safeguard.sh/resources/blog/gcp-artifact-registry-security-guide Wed, 22 Feb 2023 10:00:00 GMT Cloud Security hi@safeguard.sh (Shadab Khan) <![CDATA[SBOM Requirements for Medical Devices: FDA's New Mandate]]> https://safeguard.sh/resources/blog/sbom-requirements-for-medical-devices-fda https://safeguard.sh/resources/blog/sbom-requirements-for-medical-devices-fda Mon, 20 Feb 2023 10:00:00 GMT Compliance & Regulations hi@safeguard.sh (Alex) <![CDATA[gosec: Static Analysis for Go Security]]> https://safeguard.sh/resources/blog/gosec-static-analysis-go-security https://safeguard.sh/resources/blog/gosec-static-analysis-go-security Sat, 18 Feb 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (Bob) <![CDATA[Jira Service Management CVE-2023-22501: Broken Authentication Exposes Enterprise Workflows]]> https://safeguard.sh/resources/blog/jira-service-management-cve-2023-22501 https://safeguard.sh/resources/blog/jira-service-management-cve-2023-22501 Wed, 15 Feb 2023 12:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Yukti Singhal) <![CDATA[SBOM Sharing and Distribution Best Practices]]> https://safeguard.sh/resources/blog/sbom-sharing-and-distribution-best-practices https://safeguard.sh/resources/blog/sbom-sharing-and-distribution-best-practices Wed, 15 Feb 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (James) <![CDATA[Defense in Depth for the Software Supply Chain]]> https://safeguard.sh/resources/blog/defense-in-depth-software-supply-chain https://safeguard.sh/resources/blog/defense-in-depth-software-supply-chain Wed, 15 Feb 2023 00:00:00 GMT Security Architecture hi@safeguard.sh (Yukti Singhal) <![CDATA[Alpine APK Security Model: Small Footprint, Big Trust Decisions]]> https://safeguard.sh/resources/blog/alpine-apk-security-model https://safeguard.sh/resources/blog/alpine-apk-security-model Sun, 12 Feb 2023 10:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[Android APK Supply Chain Verification: Beyond Play Protect]]> https://safeguard.sh/resources/blog/android-apk-supply-chain-verification https://safeguard.sh/resources/blog/android-apk-supply-chain-verification Sun, 12 Feb 2023 10:00:00 GMT Mobile Security hi@safeguard.sh (Michael) <![CDATA[CDN Poisoning Attacks: How Cached Content Becomes a Weapon]]> https://safeguard.sh/resources/blog/cdn-poisoning-attacks-prevention https://safeguard.sh/resources/blog/cdn-poisoning-attacks-prevention Sun, 12 Feb 2023 00:00:00 GMT Web Security hi@safeguard.sh (Bob) <![CDATA[Cross-Site Scripting (XSS) Prevention: Context-Aware Encoding and Modern Defenses]]> https://safeguard.sh/resources/blog/cross-site-scripting-xss-prevention https://safeguard.sh/resources/blog/cross-site-scripting-xss-prevention Sun, 12 Feb 2023 00:00:00 GMT Code Security hi@safeguard.sh (Nayan Dey) <![CDATA[SBOMs for Serverless Applications: What Changes and What Doesn't]]> https://safeguard.sh/resources/blog/sbom-for-serverless-applications https://safeguard.sh/resources/blog/sbom-for-serverless-applications Sun, 12 Feb 2023 00:00:00 GMT SBOM hi@safeguard.sh (Shadab Khan) <![CDATA[PyPI Mandatory 2FA for Critical Packages: A Turning Point for Python Security]]> https://safeguard.sh/resources/blog/pypi-mandatory-2fa-for-critical-packages https://safeguard.sh/resources/blog/pypi-mandatory-2fa-for-critical-packages Fri, 10 Feb 2023 10:00:00 GMT Open Source Security hi@safeguard.sh (Bob) <![CDATA[Cybersecurity Budget Planning: A Practical Guide for Security Leaders]]> https://safeguard.sh/resources/blog/cybersecurity-budget-planning-guide https://safeguard.sh/resources/blog/cybersecurity-budget-planning-guide Wed, 08 Feb 2023 10:00:00 GMT Security Strategy hi@safeguard.sh (Michael) <![CDATA[GoAnywhere MFT Zero-Day (CVE-2023-0669): Clop Ransomware's File Transfer Rampage]]> https://safeguard.sh/resources/blog/goanywhere-mft-cve-2023-0669-clop https://safeguard.sh/resources/blog/goanywhere-mft-cve-2023-0669-clop Mon, 06 Feb 2023 09:00:00 GMT Incident Analysis hi@safeguard.sh (Yukti Singhal) <![CDATA[Session Management Security: A Complete Guide]]> https://safeguard.sh/resources/blog/session-management-security-guide https://safeguard.sh/resources/blog/session-management-security-guide Sun, 05 Feb 2023 10:00:00 GMT Web Security hi@safeguard.sh (Shadab Khan) <![CDATA[VPN Security for Remote Development Teams: Beyond the Basics]]> https://safeguard.sh/resources/blog/vpn-security-remote-development-teams https://safeguard.sh/resources/blog/vpn-security-remote-development-teams Sun, 05 Feb 2023 10:00:00 GMT Network Security hi@safeguard.sh (Nayan Dey) <![CDATA[ESLint Supply Chain Attack: Malicious npm Packages Targeting Developers]]> https://safeguard.sh/resources/blog/eslint-supply-chain-attack-npm-packages https://safeguard.sh/resources/blog/eslint-supply-chain-attack-npm-packages Fri, 03 Feb 2023 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (James) <![CDATA[Fork Maintenance and Your Security Responsibilities]]> https://safeguard.sh/resources/blog/fork-maintenance-security-responsibilities https://safeguard.sh/resources/blog/fork-maintenance-security-responsibilities Sat, 28 Jan 2023 09:00:00 GMT Dependency Management hi@safeguard.sh (Michael) <![CDATA[Dependency Pinning vs. Ranges: The Tradeoffs]]> https://safeguard.sh/resources/blog/dependency-pinning-vs-ranges-tradeoffs https://safeguard.sh/resources/blog/dependency-pinning-vs-ranges-tradeoffs Wed, 25 Jan 2023 14:00:00 GMT Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[GitHub RSA SSH Key Rotation Incident: Why It Mattered]]> https://safeguard.sh/resources/blog/github-rsa-ssh-key-rotation-incident https://safeguard.sh/resources/blog/github-rsa-ssh-key-rotation-incident Wed, 25 Jan 2023 10:00:00 GMT Incident Response hi@safeguard.sh (Shadab Khan) <![CDATA[Dependabot vs Renovate: Which Dependency Update Bot Should You Use?]]> https://safeguard.sh/resources/blog/dependabot-renovate-comparison-guide https://safeguard.sh/resources/blog/dependabot-renovate-comparison-guide Wed, 25 Jan 2023 00:00:00 GMT Tool Comparisons hi@safeguard.sh (Shadab Khan) <![CDATA[Cryptographic Library Selection Guide: Choosing Wisely for Your Stack]]> https://safeguard.sh/resources/blog/cryptographic-library-selection-guide https://safeguard.sh/resources/blog/cryptographic-library-selection-guide Sun, 22 Jan 2023 10:00:00 GMT Application Security hi@safeguard.sh (Bob) <![CDATA[Royal Ransomware: Why Healthcare Became the Primary Target]]> https://safeguard.sh/resources/blog/royal-ransomware-healthcare-targeting https://safeguard.sh/resources/blog/royal-ransomware-healthcare-targeting Sun, 22 Jan 2023 10:00:00 GMT Ransomware hi@safeguard.sh (Alex) <![CDATA[Securing AI/ML Pipelines: The Supply Chain You're Not Watching]]> https://safeguard.sh/resources/blog/securing-ai-ml-pipelines-supply-chain https://safeguard.sh/resources/blog/securing-ai-ml-pipelines-supply-chain Fri, 20 Jan 2023 10:00:00 GMT AI Security hi@safeguard.sh (Bob) <![CDATA[T-Mobile API Breach: 37 Million Records Stolen Through an Unsecured API]]> https://safeguard.sh/resources/blog/t-mobile-breach-2022-api-exploitation https://safeguard.sh/resources/blog/t-mobile-breach-2022-api-exploitation Thu, 19 Jan 2023 11:00:00 GMT Incident Analysis hi@safeguard.sh (Alex) <![CDATA[SBOM Format Conversion: Tools and Techniques]]> https://safeguard.sh/resources/blog/sbom-format-conversion-tools https://safeguard.sh/resources/blog/sbom-format-conversion-tools Wed, 18 Jan 2023 00:00:00 GMT SBOM hi@safeguard.sh (Nayan Dey) <![CDATA[Azure Defender for Containers: Getting Real Security Value]]> https://safeguard.sh/resources/blog/azure-defender-for-containers-guide https://safeguard.sh/resources/blog/azure-defender-for-containers-guide Sun, 15 Jan 2023 10:00:00 GMT Cloud Security hi@safeguard.sh (Yukti Singhal) <![CDATA[ChatGPT and AI Security Implications for Software Supply Chains]]> https://safeguard.sh/resources/blog/chatgpt-ai-security-implications-supply-chain https://safeguard.sh/resources/blog/chatgpt-ai-security-implications-supply-chain Sun, 15 Jan 2023 10:00:00 GMT AI Security hi@safeguard.sh (Nayan Dey) <![CDATA[CCPA/CPRA and Software Security: What Developers Must Know]]> https://safeguard.sh/resources/blog/ccpa-cpra-software-security-requirements https://safeguard.sh/resources/blog/ccpa-cpra-software-security-requirements Sun, 15 Jan 2023 09:00:00 GMT Compliance hi@safeguard.sh (Alex) <![CDATA[Blue-Green Deployment Security]]> https://safeguard.sh/resources/blog/blue-green-deployment-security https://safeguard.sh/resources/blog/blue-green-deployment-security Sun, 15 Jan 2023 00:00:00 GMT DevSecOps hi@safeguard.sh (Yukti Singhal) <![CDATA[Sensitive Data Exposure Prevention: Protecting Data at Rest, in Transit, and in Use]]> https://safeguard.sh/resources/blog/sensitive-data-exposure-prevention https://safeguard.sh/resources/blog/sensitive-data-exposure-prevention Sun, 15 Jan 2023 00:00:00 GMT Application Security hi@safeguard.sh (Yukti Singhal) <![CDATA[CSP Bypass Techniques and Prevention: Beyond the Basics]]> https://safeguard.sh/resources/blog/csp-bypass-techniques-prevention https://safeguard.sh/resources/blog/csp-bypass-techniques-prevention Thu, 12 Jan 2023 10:00:00 GMT Application Security hi@safeguard.sh (Alex) <![CDATA[Nexus Repository Security Hardening: Beyond the Defaults]]> https://safeguard.sh/resources/blog/nexus-repository-security-hardening https://safeguard.sh/resources/blog/nexus-repository-security-hardening Thu, 12 Jan 2023 10:00:00 GMT Infrastructure Security hi@safeguard.sh (Nayan Dey) <![CDATA[Container Image Hardening Checklist]]> https://safeguard.sh/resources/blog/container-image-hardening-checklist https://safeguard.sh/resources/blog/container-image-hardening-checklist Thu, 12 Jan 2023 08:00:00 GMT Best Practices hi@safeguard.sh (Bob) <![CDATA[OpenSSL Project Governance: Security Lessons from Heartbleed and Beyond]]> https://safeguard.sh/resources/blog/openssl-project-governance-security https://safeguard.sh/resources/blog/openssl-project-governance-security Thu, 12 Jan 2023 00:00:00 GMT Open Source Security hi@safeguard.sh (James) <![CDATA[CircleCI Credential Rotation: The Mass-Reset Event]]> https://safeguard.sh/resources/blog/circleci-credential-rotation-mass-event-2023 https://safeguard.sh/resources/blog/circleci-credential-rotation-mass-event-2023 Tue, 10 Jan 2023 12:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[PHPStan Security Analysis: Static Typing as a Security Tool for PHP]]> https://safeguard.sh/resources/blog/phpstan-security-analysis https://safeguard.sh/resources/blog/phpstan-security-analysis Sun, 08 Jan 2023 10:00:00 GMT DevSecOps hi@safeguard.sh (Alex) <![CDATA[Symlink Attacks in Package Managers: Following Links to Trouble]]> https://safeguard.sh/resources/blog/symlink-attacks-package-managers https://safeguard.sh/resources/blog/symlink-attacks-package-managers Sun, 08 Jan 2023 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Bob) <![CDATA[Vendor Concentration Risk in Software: When One Vendor Failure Breaks Everything]]> https://safeguard.sh/resources/blog/vendor-concentration-risk-software https://safeguard.sh/resources/blog/vendor-concentration-risk-software Sun, 08 Jan 2023 10:00:00 GMT Security Strategy hi@safeguard.sh (James) <![CDATA[Vue.js Security Best Practices]]> https://safeguard.sh/resources/blog/vue-js-security-best-practices https://safeguard.sh/resources/blog/vue-js-security-best-practices Sun, 08 Jan 2023 10:00:00 GMT Application Security hi@safeguard.sh (Yukti Singhal) <![CDATA[CircleCI Security Incident January 2023: What Happened and What We Learned]]> https://safeguard.sh/resources/blog/circleci-security-incident-january-2023 https://safeguard.sh/resources/blog/circleci-security-incident-january-2023 Thu, 05 Jan 2023 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Yukti Singhal) <![CDATA[Race Condition Vulnerabilities in Web Applications]]> https://safeguard.sh/resources/blog/race-condition-vulnerabilities-web-apps https://safeguard.sh/resources/blog/race-condition-vulnerabilities-web-apps Thu, 05 Jan 2023 10:00:00 GMT Web Security hi@safeguard.sh (Michael) <![CDATA[Slack GitHub Repository Theft: Stolen Tokens and the Risks of Third-Party Integrations]]> https://safeguard.sh/resources/blog/slack-github-repository-theft-2022 https://safeguard.sh/resources/blog/slack-github-repository-theft-2022 Wed, 04 Jan 2023 08:00:00 GMT Incident Analysis hi@safeguard.sh (Michael) <![CDATA[Release Management Security Checklist]]> https://safeguard.sh/resources/blog/release-management-security-checklist https://safeguard.sh/resources/blog/release-management-security-checklist Wed, 28 Dec 2022 09:00:00 GMT DevSecOps hi@safeguard.sh (James) <![CDATA[Responsible Disclosure in Open Source: The Messy Reality]]> https://safeguard.sh/resources/blog/responsible-disclosure-open-source https://safeguard.sh/resources/blog/responsible-disclosure-open-source Thu, 22 Dec 2022 00:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Software Supply Chain Security in 2022: The Year Everything Changed]]> https://safeguard.sh/resources/blog/software-supply-chain-security-2022-year-review https://safeguard.sh/resources/blog/software-supply-chain-security-2022-year-review Tue, 20 Dec 2022 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Bob) <![CDATA[GLBA and Financial Software Security: Safeguards Rule Deep Dive]]> https://safeguard.sh/resources/blog/glba-financial-software-security https://safeguard.sh/resources/blog/glba-financial-software-security Tue, 20 Dec 2022 09:00:00 GMT Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Software Vendor Risk Scoring Methodology]]> https://safeguard.sh/resources/blog/software-vendor-risk-scoring-methodology https://safeguard.sh/resources/blog/software-vendor-risk-scoring-methodology Sun, 18 Dec 2022 00:00:00 GMT Risk Management hi@safeguard.sh (Nayan Dey) <![CDATA[Open Source Funding, Sustainability, and Security]]> https://safeguard.sh/resources/blog/open-source-funding-sustainability-security https://safeguard.sh/resources/blog/open-source-funding-sustainability-security Thu, 15 Dec 2022 10:00:00 GMT Open Source hi@safeguard.sh (Alex) <![CDATA[Security Budget Justification Guide]]> https://safeguard.sh/resources/blog/security-budget-justification-guide https://safeguard.sh/resources/blog/security-budget-justification-guide Thu, 15 Dec 2022 00:00:00 GMT Organizational Security hi@safeguard.sh (Bob) <![CDATA[Lessons from SolarWinds: Two Years Later]]> https://safeguard.sh/resources/blog/lessons-from-solarwinds-two-years-later https://safeguard.sh/resources/blog/lessons-from-solarwinds-two-years-later Tue, 13 Dec 2022 00:00:00 GMT Case Studies hi@safeguard.sh (Yukti Singhal) <![CDATA[Cilium Network Security in Kubernetes: Beyond Basic Network Policies]]> https://safeguard.sh/resources/blog/cilium-network-security-kubernetes https://safeguard.sh/resources/blog/cilium-network-security-kubernetes Mon, 12 Dec 2022 10:00:00 GMT Kubernetes Security hi@safeguard.sh (Yukti Singhal) <![CDATA[GitHub Repository Security Settings Guide]]> https://safeguard.sh/resources/blog/github-repository-security-settings-guide https://safeguard.sh/resources/blog/github-repository-security-settings-guide Mon, 12 Dec 2022 10:00:00 GMT DevSecOps hi@safeguard.sh (Alex) <![CDATA[Log4j One Year Later: What We Learned and What We Didn't Fix]]> https://safeguard.sh/resources/blog/log4j-one-year-later-lessons-learned https://safeguard.sh/resources/blog/log4j-one-year-later-lessons-learned Mon, 12 Dec 2022 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Yukti Singhal) <![CDATA[Single Points of Failure in Software Supply Chains]]> https://safeguard.sh/resources/blog/single-points-of-failure-supply-chains https://safeguard.sh/resources/blog/single-points-of-failure-supply-chains Mon, 12 Dec 2022 10:00:00 GMT Risk Management hi@safeguard.sh (James) <![CDATA[FortiGate SSL-VPN Zero-Day (CVE-2022-42475): How a Heap Overflow Gave Attackers the Keys]]> https://safeguard.sh/resources/blog/fortinet-fortigate-ssl-vpn-cve-2022-42475 https://safeguard.sh/resources/blog/fortinet-fortigate-ssl-vpn-cve-2022-42475 Mon, 12 Dec 2022 09:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[The End-of-Year Dependency Audit Ritual]]> https://safeguard.sh/resources/blog/end-of-year-dependency-audit-ritual-2022 https://safeguard.sh/resources/blog/end-of-year-dependency-audit-ritual-2022 Sat, 10 Dec 2022 12:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[Startup Security at Series A: Scaling Without Breaking]]> https://safeguard.sh/resources/blog/startup-security-series-a-scaling https://safeguard.sh/resources/blog/startup-security-series-a-scaling Sat, 10 Dec 2022 00:00:00 GMT Startup Security hi@safeguard.sh (Shadab Khan) <![CDATA[Cargo Build Script Security: What build.rs Can Do to Your Machine]]> https://safeguard.sh/resources/blog/cargo-build-script-security https://safeguard.sh/resources/blog/cargo-build-script-security Thu, 08 Dec 2022 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Shadab Khan) <![CDATA[FOSSA Review: Open Source License Compliance at Enterprise Scale]]> https://safeguard.sh/resources/blog/fossa-open-source-compliance-review https://safeguard.sh/resources/blog/fossa-open-source-compliance-review Thu, 08 Dec 2022 00:00:00 GMT Tool Reviews hi@safeguard.sh (James) <![CDATA[Kubernetes Pod Security Standards: From PodSecurityPolicy to the New Admission Controller]]> https://safeguard.sh/resources/blog/kubernetes-pod-security-standards https://safeguard.sh/resources/blog/kubernetes-pod-security-standards Thu, 08 Dec 2022 00:00:00 GMT Kubernetes Security hi@safeguard.sh (Nayan Dey) <![CDATA[GitHub Code Signing Bypass: When the Trust Anchor Fails]]> https://safeguard.sh/resources/blog/github-code-signing-bypass-vulnerability https://safeguard.sh/resources/blog/github-code-signing-bypass-vulnerability Mon, 05 Dec 2022 11:00:00 GMT Vulnerability Analysis hi@safeguard.sh (James) <![CDATA[LDAP Injection Prevention Guide]]> https://safeguard.sh/resources/blog/ldap-injection-prevention-guide https://safeguard.sh/resources/blog/ldap-injection-prevention-guide Mon, 05 Dec 2022 10:00:00 GMT Application Security hi@safeguard.sh (James) <![CDATA[Property-Based Testing for Security: Defining Invariants That Must Never Break]]> https://safeguard.sh/resources/blog/property-based-testing-security https://safeguard.sh/resources/blog/property-based-testing-security Mon, 05 Dec 2022 10:00:00 GMT Application Security hi@safeguard.sh (James) <![CDATA[PyPI Malware Campaigns Surge in Q4 2022: A Roundup of the Worst Offenders]]> https://safeguard.sh/resources/blog/pypi-malware-campaigns-q4-2022 https://safeguard.sh/resources/blog/pypi-malware-campaigns-q4-2022 Mon, 05 Dec 2022 10:00:00 GMT Open Source Security hi@safeguard.sh (Alex) <![CDATA[Dependency Graph Analysis: Finding Hidden Transitive Risks]]> https://safeguard.sh/resources/blog/dependency-graph-analysis-transitive-risks https://safeguard.sh/resources/blog/dependency-graph-analysis-transitive-risks Thu, 01 Dec 2022 10:00:00 GMT Software Supply Chain hi@safeguard.sh (Shadab Khan) <![CDATA[Incident Response Playbook for Supply Chain Attacks]]> https://safeguard.sh/resources/blog/incident-response-playbook-supply-chain-attacks https://safeguard.sh/resources/blog/incident-response-playbook-supply-chain-attacks Mon, 28 Nov 2022 10:00:00 GMT Incident Response hi@safeguard.sh (Bob) <![CDATA[5G Networks and the Software Supply Chain Risks Nobody Talks About]]> https://safeguard.sh/resources/blog/5g-network-software-supply-chain-risks https://safeguard.sh/resources/blog/5g-network-software-supply-chain-risks Fri, 25 Nov 2022 10:00:00 GMT Emerging Technology hi@safeguard.sh (Alex) <![CDATA[LastPass Second Breach: Encrypted Vaults Stolen Using Data from First Attack]]> https://safeguard.sh/resources/blog/lastpass-second-breach-encrypted-vaults https://safeguard.sh/resources/blog/lastpass-second-breach-encrypted-vaults Tue, 22 Nov 2022 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (James) <![CDATA[Penetration Testing the Software Supply Chain]]> https://safeguard.sh/resources/blog/penetration-testing-software-supply-chain https://safeguard.sh/resources/blog/penetration-testing-software-supply-chain Tue, 22 Nov 2022 10:00:00 GMT Offensive Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Startup Security Budget Allocation: Where to Spend First]]> https://safeguard.sh/resources/blog/startup-security-budget-allocation-guide https://safeguard.sh/resources/blog/startup-security-budget-allocation-guide Tue, 22 Nov 2022 09:00:00 GMT Industry Guides hi@safeguard.sh (James) <![CDATA[Vulnerability Correlation Across Package Ecosystems]]> https://safeguard.sh/resources/blog/vulnerability-correlation-across-ecosystems https://safeguard.sh/resources/blog/vulnerability-correlation-across-ecosystems Tue, 22 Nov 2022 09:00:00 GMT Vulnerability Management hi@safeguard.sh (Michael) <![CDATA[The Open Source Maintainer Burnout Crisis and Its Security Consequences]]> https://safeguard.sh/resources/blog/open-source-maintainer-burnout-crisis https://safeguard.sh/resources/blog/open-source-maintainer-burnout-crisis Sun, 20 Nov 2022 00:00:00 GMT Open Source hi@safeguard.sh (Bob) <![CDATA[Docker Desktop WSL2 Security Changes in 2022]]> https://safeguard.sh/resources/blog/docker-desktop-wsl2-security-changes-2022 https://safeguard.sh/resources/blog/docker-desktop-wsl2-security-changes-2022 Fri, 18 Nov 2022 12:00:00 GMT Container Security hi@safeguard.sh (Nayan Dey) <![CDATA[AWS ECR Container Scanning: Beyond the Defaults]]> https://safeguard.sh/resources/blog/aws-ecr-container-scanning-guide https://safeguard.sh/resources/blog/aws-ecr-container-scanning-guide Fri, 18 Nov 2022 10:00:00 GMT Cloud Security hi@safeguard.sh (Bob) <![CDATA[Python Package Security Best Practices]]> https://safeguard.sh/resources/blog/python-package-security-best-practices https://safeguard.sh/resources/blog/python-package-security-best-practices Fri, 18 Nov 2022 10:00:00 GMT Dependency Security hi@safeguard.sh (Nayan Dey) <![CDATA[Scaling a Security Champions Network]]> https://safeguard.sh/resources/blog/security-champions-network-scaling https://safeguard.sh/resources/blog/security-champions-network-scaling Fri, 18 Nov 2022 00:00:00 GMT Security Culture hi@safeguard.sh (Yukti Singhal) <![CDATA[Browser Extension Supply Chain Attacks: The Overlooked Threat Vector]]> https://safeguard.sh/resources/blog/browser-extension-supply-chain-attacks https://safeguard.sh/resources/blog/browser-extension-supply-chain-attacks Tue, 15 Nov 2022 10:00:00 GMT Threat Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Podman vs Docker Security: What Actually Changes When You Drop the Daemon]]> https://safeguard.sh/resources/blog/podman-vs-docker-security-comparison https://safeguard.sh/resources/blog/podman-vs-docker-security-comparison Tue, 15 Nov 2022 00:00:00 GMT Container Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Runtime vs Static Container Analysis: Complementary, Not Competing]]> https://safeguard.sh/resources/blog/runtime-vs-static-container-analysis https://safeguard.sh/resources/blog/runtime-vs-static-container-analysis Sat, 12 Nov 2022 10:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[Rust Adoption in Security-Critical Software: Where We Stand]]> https://safeguard.sh/resources/blog/rust-adoption-security-critical-software https://safeguard.sh/resources/blog/rust-adoption-security-critical-software Sat, 12 Nov 2022 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Nayan Dey) <![CDATA[Software Supply Chain Forensics: Investigation Techniques After a Compromise]]> https://safeguard.sh/resources/blog/software-supply-chain-forensics-guide https://safeguard.sh/resources/blog/software-supply-chain-forensics-guide Sat, 12 Nov 2022 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Bob) <![CDATA[WAF Rule Writing Best Practices: From Alert Fatigue to Actionable Protection]]> https://safeguard.sh/resources/blog/waf-rule-writing-best-practices https://safeguard.sh/resources/blog/waf-rule-writing-best-practices Sat, 12 Nov 2022 10:00:00 GMT Application Security hi@safeguard.sh (Michael) <![CDATA[Taming Static Analysis: A Practical Guide to False Positive Reduction]]> https://safeguard.sh/resources/blog/static-analysis-false-positive-reduction https://safeguard.sh/resources/blog/static-analysis-false-positive-reduction Sat, 12 Nov 2022 00:00:00 GMT Application Security hi@safeguard.sh (Nayan Dey) <![CDATA[Vulnerability Coordination Across the Open Source Ecosystem]]> https://safeguard.sh/resources/blog/vulnerability-coordination-open-source https://safeguard.sh/resources/blog/vulnerability-coordination-open-source Sat, 12 Nov 2022 00:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Automating Vulnerability Remediation: A Practical Guide]]> https://safeguard.sh/resources/blog/automating-vulnerability-remediation-guide https://safeguard.sh/resources/blog/automating-vulnerability-remediation-guide Tue, 08 Nov 2022 14:00:00 GMT How-To Guide hi@safeguard.sh (Nayan Dey) <![CDATA[Container Image Signing with Cosign: A Practical Deep Dive]]> https://safeguard.sh/resources/blog/container-image-signing-with-cosign https://safeguard.sh/resources/blog/container-image-signing-with-cosign Tue, 08 Nov 2022 10:00:00 GMT Container Security hi@safeguard.sh (Alex) <![CDATA[Software Update Signing and Verification: Getting It Right]]> https://safeguard.sh/resources/blog/software-update-signing-verification https://safeguard.sh/resources/blog/software-update-signing-verification Tue, 08 Nov 2022 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (James) <![CDATA[Jenkins Pipeline Security Hardening]]> https://safeguard.sh/resources/blog/jenkins-pipeline-security-hardening https://safeguard.sh/resources/blog/jenkins-pipeline-security-hardening Tue, 08 Nov 2022 00:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Brand Protection on Package Registries: Defending Your Namespace]]> https://safeguard.sh/resources/blog/brand-protection-package-registries https://safeguard.sh/resources/blog/brand-protection-package-registries Sat, 05 Nov 2022 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Shadab Khan) <![CDATA[PyPI Namespace Squatting: How Attackers Exploit Python's Flat Package Namespace]]> https://safeguard.sh/resources/blog/pypi-namespace-squatting-prevention https://safeguard.sh/resources/blog/pypi-namespace-squatting-prevention Sat, 05 Nov 2022 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Nayan Dey) <![CDATA[Browser Extension Permission Models and Supply Chain Risk]]> https://safeguard.sh/resources/blog/browser-extension-permission-model https://safeguard.sh/resources/blog/browser-extension-permission-model Sat, 05 Nov 2022 09:00:00 GMT Supply Chain Security hi@safeguard.sh (Shadab Khan) <![CDATA[Browser Extension Attacks and the Supply Chain]]> https://safeguard.sh/resources/blog/browser-supply-chain-extension-attacks https://safeguard.sh/resources/blog/browser-supply-chain-extension-attacks Sat, 05 Nov 2022 00:00:00 GMT Application Security hi@safeguard.sh (Bob) <![CDATA[Dropbox Breach: Phishing Attack Exposes 130 Private GitHub Repositories]]> https://safeguard.sh/resources/blog/dropbox-phishing-attack-github-repositories https://safeguard.sh/resources/blog/dropbox-phishing-attack-github-repositories Wed, 02 Nov 2022 10:00:00 GMT Incident Response hi@safeguard.sh (Shadab Khan) <![CDATA[Makefile Injection Attacks: When Build Automation Becomes a Weapon]]> https://safeguard.sh/resources/blog/makefile-injection-attacks https://safeguard.sh/resources/blog/makefile-injection-attacks Sun, 30 Oct 2022 10:00:00 GMT DevSecOps hi@safeguard.sh (Michael) <![CDATA[OpenSSL CVE-2022-3602: The Critical That Wasn't (But Still Matters)]]> https://safeguard.sh/resources/blog/openssl-critical-vulnerability-cve-2022-3602 https://safeguard.sh/resources/blog/openssl-critical-vulnerability-cve-2022-3602 Fri, 28 Oct 2022 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Real Estate and PropTech Security Considerations]]> https://safeguard.sh/resources/blog/real-estate-proptech-security-considerations https://safeguard.sh/resources/blog/real-estate-proptech-security-considerations Fri, 28 Oct 2022 09:00:00 GMT Industry Guides hi@safeguard.sh (Yukti Singhal) <![CDATA[Build Reproducibility: A Verification Guide]]> https://safeguard.sh/resources/blog/build-reproducibility-verification-guide https://safeguard.sh/resources/blog/build-reproducibility-verification-guide Tue, 25 Oct 2022 11:00:00 GMT Build Security hi@safeguard.sh (Michael) <![CDATA[Security Impact Analysis for Dependency Updates]]> https://safeguard.sh/resources/blog/security-impact-analysis-dependency-updates https://safeguard.sh/resources/blog/security-impact-analysis-dependency-updates Tue, 25 Oct 2022 09:00:00 GMT Dependency Management hi@safeguard.sh (Nayan Dey) <![CDATA[Mend.io (WhiteSource): The Renamed SCA Veteran]]> https://safeguard.sh/resources/blog/mend-io-whitesource-sca-review https://safeguard.sh/resources/blog/mend-io-whitesource-sca-review Sat, 22 Oct 2022 00:00:00 GMT Tool Reviews hi@safeguard.sh (Nayan Dey) <![CDATA[SQL Injection Prevention in 2022: Why It Still Happens and How to Stop It]]> https://safeguard.sh/resources/blog/sql-injection-prevention-modern-guide https://safeguard.sh/resources/blog/sql-injection-prevention-modern-guide Sat, 22 Oct 2022 00:00:00 GMT Code Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Tekton Pipeline Security Guide]]> https://safeguard.sh/resources/blog/tekton-pipeline-security-guide https://safeguard.sh/resources/blog/tekton-pipeline-security-guide Sat, 22 Oct 2022 00:00:00 GMT DevSecOps hi@safeguard.sh (Yukti Singhal) <![CDATA[Open Source Policy Template for Enterprises]]> https://safeguard.sh/resources/blog/open-source-policy-template-enterprises https://safeguard.sh/resources/blog/open-source-policy-template-enterprises Thu, 20 Oct 2022 14:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[The SBOM Maturity Model: A Practical Roadmap for Enterprise Adoption]]> https://safeguard.sh/resources/blog/sbom-maturity-model-for-enterprises https://safeguard.sh/resources/blog/sbom-maturity-model-for-enterprises Thu, 20 Oct 2022 10:00:00 GMT Compliance & Regulations hi@safeguard.sh (James) <![CDATA[Package Lock Files and Their Security Implications]]> https://safeguard.sh/resources/blog/package-lock-files-security-implications https://safeguard.sh/resources/blog/package-lock-files-security-implications Tue, 18 Oct 2022 11:00:00 GMT Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Text4Shell (CVE-2022-42889): Apache Commons Text and the Haunting Echo of Log4Shell]]> https://safeguard.sh/resources/blog/apache-commons-text-text4shell-cve-2022-42889 https://safeguard.sh/resources/blog/apache-commons-text-text4shell-cve-2022-42889 Tue, 18 Oct 2022 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[LockBit 3.0: The Evolution of the World's Most Prolific Ransomware Operation]]> https://safeguard.sh/resources/blog/lockbit-3-0-ransomware-evolution https://safeguard.sh/resources/blog/lockbit-3-0-ransomware-evolution Tue, 18 Oct 2022 10:00:00 GMT Ransomware hi@safeguard.sh (Bob) <![CDATA[Business Continuity Planning for Supply Chain Attacks]]> https://safeguard.sh/resources/blog/business-continuity-supply-chain-attacks https://safeguard.sh/resources/blog/business-continuity-supply-chain-attacks Tue, 18 Oct 2022 00:00:00 GMT Business Continuity hi@safeguard.sh (Michael) <![CDATA[VS Code Extension Marketplace Security: The IDE Supply Chain]]> https://safeguard.sh/resources/blog/vscode-extension-marketplace-security https://safeguard.sh/resources/blog/vscode-extension-marketplace-security Tue, 18 Oct 2022 00:00:00 GMT Developer Security hi@safeguard.sh (Shadab Khan) <![CDATA[Azure DevOps Pipeline Security Hardening: A Practical Guide]]> https://safeguard.sh/resources/blog/azure-devops-pipeline-security-hardening https://safeguard.sh/resources/blog/azure-devops-pipeline-security-hardening Sat, 15 Oct 2022 10:00:00 GMT Cloud Security hi@safeguard.sh (Nayan Dey) <![CDATA[Bandit for Python Security Linting: Getting Real Value From Static Analysis]]> https://safeguard.sh/resources/blog/bandit-python-security-linting https://safeguard.sh/resources/blog/bandit-python-security-linting Sat, 15 Oct 2022 10:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Sigstore Reaches GA: Free Software Signing for Everyone]]> https://safeguard.sh/resources/blog/sigstore-general-availability-software-signing https://safeguard.sh/resources/blog/sigstore-general-availability-software-signing Sat, 15 Oct 2022 10:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Setting Up Pre-Commit Security Hooks]]> https://safeguard.sh/resources/blog/pre-commit-security-hooks-setup-guide https://safeguard.sh/resources/blog/pre-commit-security-hooks-setup-guide Wed, 12 Oct 2022 13:00:00 GMT How-To Guide hi@safeguard.sh (James) <![CDATA[Debian Repository Security: A Practical Hardening Guide]]> https://safeguard.sh/resources/blog/debian-repository-security-guide https://safeguard.sh/resources/blog/debian-repository-security-guide Wed, 12 Oct 2022 10:00:00 GMT Infrastructure Security hi@safeguard.sh (Nayan Dey) <![CDATA[iOS Sideloading Security Implications for Enterprise Environments]]> https://safeguard.sh/resources/blog/ios-sideloading-security-implications https://safeguard.sh/resources/blog/ios-sideloading-security-implications Wed, 12 Oct 2022 10:00:00 GMT Mobile Security hi@safeguard.sh (Alex) <![CDATA[OPA Gatekeeper for Kubernetes: Writing Policies That Actually Work]]> https://safeguard.sh/resources/blog/opa-gatekeeper-kubernetes-policies https://safeguard.sh/resources/blog/opa-gatekeeper-kubernetes-policies Wed, 12 Oct 2022 00:00:00 GMT Kubernetes Security hi@safeguard.sh (Michael) <![CDATA[Tern: Container SBOM Generation Through Layer Analysis]]> https://safeguard.sh/resources/blog/tern-sbom-container-analysis-tool https://safeguard.sh/resources/blog/tern-sbom-container-analysis-tool Wed, 12 Oct 2022 00:00:00 GMT Tool Reviews hi@safeguard.sh (Bob) <![CDATA[CISA Self-Attestation Form: What Software Producers Need to Know]]> https://safeguard.sh/resources/blog/cisa-self-attestation-form-secure-software https://safeguard.sh/resources/blog/cisa-self-attestation-form-secure-software Sat, 08 Oct 2022 10:00:00 GMT Compliance & Regulations hi@safeguard.sh (Nayan Dey) <![CDATA[GDPR and Software Supply Chain Obligations You Can't Ignore]]> https://safeguard.sh/resources/blog/gdpr-software-supply-chain-obligations https://safeguard.sh/resources/blog/gdpr-software-supply-chain-obligations Sat, 08 Oct 2022 10:00:00 GMT Compliance hi@safeguard.sh (Bob) <![CDATA[Security ROI Calculation Methods That Actually Work]]> https://safeguard.sh/resources/blog/security-roi-calculation-methods https://safeguard.sh/resources/blog/security-roi-calculation-methods Sat, 08 Oct 2022 10:00:00 GMT Security Strategy hi@safeguard.sh (James) <![CDATA[Package Manager Security: npm, pip, and Maven Compared]]> https://safeguard.sh/resources/blog/package-manager-security-npm-pip-maven https://safeguard.sh/resources/blog/package-manager-security-npm-pip-maven Sat, 08 Oct 2022 09:00:00 GMT Supply Chain Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Generating SBOMs from Container Images: A Practical Guide]]> https://safeguard.sh/resources/blog/generating-sbom-from-container-images https://safeguard.sh/resources/blog/generating-sbom-from-container-images Sat, 08 Oct 2022 00:00:00 GMT SBOM hi@safeguard.sh (Nayan Dey) <![CDATA[Cookie Security for Modern Web Applications]]> https://safeguard.sh/resources/blog/cookie-security-modern-web-apps https://safeguard.sh/resources/blog/cookie-security-modern-web-apps Wed, 05 Oct 2022 10:00:00 GMT Web Security hi@safeguard.sh (Nayan Dey) <![CDATA[Network Segmentation for Development Environments: Isolating the Build Pipeline]]> https://safeguard.sh/resources/blog/network-segmentation-development-environments https://safeguard.sh/resources/blog/network-segmentation-development-environments Wed, 05 Oct 2022 10:00:00 GMT Network Security hi@safeguard.sh (Yukti Singhal) <![CDATA[PHP Composer Dependency Security]]> https://safeguard.sh/resources/blog/php-composer-dependency-security https://safeguard.sh/resources/blog/php-composer-dependency-security Wed, 05 Oct 2022 10:00:00 GMT Dependency Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Telecommunications Supply Chain Security: Protecting Critical Infrastructure]]> https://safeguard.sh/resources/blog/telecommunications-supply-chain-security https://safeguard.sh/resources/blog/telecommunications-supply-chain-security Wed, 05 Oct 2022 10:00:00 GMT Industry Guides hi@safeguard.sh (Alex) <![CDATA[Developer Productivity vs. Security: Finding the Real Balance]]> https://safeguard.sh/resources/blog/developer-productivity-security-balance https://safeguard.sh/resources/blog/developer-productivity-security-balance Wed, 05 Oct 2022 00:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Trusted Computing and TPM in the Software Supply Chain]]> https://safeguard.sh/resources/blog/trusted-computing-tpm-software-supply-chain https://safeguard.sh/resources/blog/trusted-computing-tpm-software-supply-chain Wed, 05 Oct 2022 00:00:00 GMT Hardware Security hi@safeguard.sh (Michael) <![CDATA[npm Registry Security Gets Serious: 2022's Major Improvements]]> https://safeguard.sh/resources/blog/npm-registry-security-improvements-2022 https://safeguard.sh/resources/blog/npm-registry-security-improvements-2022 Sat, 01 Oct 2022 10:00:00 GMT Open Source Security hi@safeguard.sh (Yukti Singhal) <![CDATA[ProxyNotShell CVE-2022-41040: Microsoft Exchange Under Fire Again]]> https://safeguard.sh/resources/blog/microsoft-exchange-proxynotshell-cve-2022-41040 https://safeguard.sh/resources/blog/microsoft-exchange-proxynotshell-cve-2022-41040 Fri, 30 Sep 2022 10:00:00 GMT Zero-Day Exploits hi@safeguard.sh (Michael) <![CDATA[OSS Review Toolkit (ORT): Automating License Compliance at Scale]]> https://safeguard.sh/resources/blog/oss-review-toolkit-ort-license-compliance https://safeguard.sh/resources/blog/oss-review-toolkit-ort-license-compliance Wed, 28 Sep 2022 10:00:00 GMT Open Source Security hi@safeguard.sh (Michael) <![CDATA[Migrating Dependencies for Security: A Step-by-Step Guide]]> https://safeguard.sh/resources/blog/migrating-dependencies-security-guide https://safeguard.sh/resources/blog/migrating-dependencies-security-guide Wed, 28 Sep 2022 09:00:00 GMT Dependency Management hi@safeguard.sh (Alex) <![CDATA[Database Extensions as Supply Chain Risk: The Overlooked Attack Surface]]> https://safeguard.sh/resources/blog/database-extension-supply-chain-risks https://safeguard.sh/resources/blog/database-extension-supply-chain-risks Wed, 28 Sep 2022 00:00:00 GMT Infrastructure Security hi@safeguard.sh (James) <![CDATA[Compression Library Vulnerabilities: From zlib to the xz Backdoor]]> https://safeguard.sh/resources/blog/compression-library-vulnerabilities-zlib-xz https://safeguard.sh/resources/blog/compression-library-vulnerabilities-zlib-xz Thu, 22 Sep 2022 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Yukti Singhal) <![CDATA[The Open Source Software Security Act of 2022: What It Means for Developers]]> https://safeguard.sh/resources/blog/open-source-software-security-act-2022 https://safeguard.sh/resources/blog/open-source-software-security-act-2022 Thu, 22 Sep 2022 10:00:00 GMT Compliance & Regulations hi@safeguard.sh (Michael) <![CDATA[Building an SBOM Program from Scratch: A Practical Guide]]> https://safeguard.sh/resources/blog/building-sbom-program-from-scratch https://safeguard.sh/resources/blog/building-sbom-program-from-scratch Tue, 20 Sep 2022 11:00:00 GMT SBOM hi@safeguard.sh (James) <![CDATA[Kubernetes Admission Controllers for Supply Chain Policy]]> https://safeguard.sh/resources/blog/kubernetes-admission-controllers-supply-chain https://safeguard.sh/resources/blog/kubernetes-admission-controllers-supply-chain Sun, 18 Sep 2022 12:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[GoSec Static Analysis for Go: Practical Security Scanning]]> https://safeguard.sh/resources/blog/gosec-static-analysis-for-go https://safeguard.sh/resources/blog/gosec-static-analysis-for-go Sun, 18 Sep 2022 10:00:00 GMT DevSecOps hi@safeguard.sh (James) <![CDATA[SOX Compliance in Software Development: The Supply Chain Angle]]> https://safeguard.sh/resources/blog/sox-compliance-software-development https://safeguard.sh/resources/blog/sox-compliance-software-development Sun, 18 Sep 2022 10:00:00 GMT Compliance hi@safeguard.sh (Yukti Singhal) <![CDATA[Uber's 2022 Breach: How an 18-Year-Old Social Engineered Past MFA]]> https://safeguard.sh/resources/blog/uber-breach-2022-social-engineering-attack https://safeguard.sh/resources/blog/uber-breach-2022-social-engineering-attack Fri, 16 Sep 2022 10:00:00 GMT Incident Response hi@safeguard.sh (Alex) <![CDATA[Software Transparency and the EU Cyber Resilience Act]]> https://safeguard.sh/resources/blog/software-transparency-eu-cyber-resilience-act https://safeguard.sh/resources/blog/software-transparency-eu-cyber-resilience-act Thu, 15 Sep 2022 10:00:00 GMT Compliance hi@safeguard.sh (Yukti Singhal) <![CDATA[Retail and E-Commerce Software Supply Chain Security]]> https://safeguard.sh/resources/blog/retail-ecommerce-software-supply-chain https://safeguard.sh/resources/blog/retail-ecommerce-software-supply-chain Thu, 15 Sep 2022 09:00:00 GMT Industry Guides hi@safeguard.sh (Nayan Dey) <![CDATA[SPDX Specification: A Practical Guide for Security Teams]]> https://safeguard.sh/resources/blog/spdx-specification-practical-guide https://safeguard.sh/resources/blog/spdx-specification-practical-guide Thu, 15 Sep 2022 00:00:00 GMT SBOM hi@safeguard.sh (Yukti Singhal) <![CDATA[Trivy vs Grype: Open Source Vulnerability Scanners Compared]]> https://safeguard.sh/resources/blog/trivy-grype-vulnerability-scanner-comparison https://safeguard.sh/resources/blog/trivy-grype-vulnerability-scanner-comparison Thu, 15 Sep 2022 00:00:00 GMT Tool Comparisons hi@safeguard.sh (Nayan Dey) <![CDATA[Angular Application Security Checklist]]> https://safeguard.sh/resources/blog/angular-application-security-checklist https://safeguard.sh/resources/blog/angular-application-security-checklist Mon, 12 Sep 2022 10:00:00 GMT Application Security hi@safeguard.sh (Michael) <![CDATA[CORS Misconfiguration Exploitation: The Silent API Exposure]]> https://safeguard.sh/resources/blog/cors-misconfiguration-exploitation https://safeguard.sh/resources/blog/cors-misconfiguration-exploitation Mon, 12 Sep 2022 10:00:00 GMT Application Security hi@safeguard.sh (Bob) <![CDATA[Harbor Registry Security Configuration: A Complete Hardening Guide]]> https://safeguard.sh/resources/blog/harbor-registry-security-configuration https://safeguard.sh/resources/blog/harbor-registry-security-configuration Mon, 12 Sep 2022 10:00:00 GMT Infrastructure Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Canary Deployments and Security Monitoring]]> https://safeguard.sh/resources/blog/canary-deployments-security-monitoring https://safeguard.sh/resources/blog/canary-deployments-security-monitoring Mon, 12 Sep 2022 00:00:00 GMT DevSecOps hi@safeguard.sh (Michael) <![CDATA[Path Traversal in Dependency Installation: Writing Files Where They Should Not Go]]> https://safeguard.sh/resources/blog/path-traversal-dependency-installation https://safeguard.sh/resources/blog/path-traversal-dependency-installation Thu, 08 Sep 2022 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Shadab Khan) <![CDATA[Rust Supply Chain Security: How crates.io Stacks Up Against npm and PyPI]]> https://safeguard.sh/resources/blog/rust-supply-chain-security-crates-io https://safeguard.sh/resources/blog/rust-supply-chain-security-crates-io Thu, 08 Sep 2022 10:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Software Escrow Agreements: Security Implications You Should Negotiate]]> https://safeguard.sh/resources/blog/software-escrow-agreements-security https://safeguard.sh/resources/blog/software-escrow-agreements-security Thu, 08 Sep 2022 10:00:00 GMT Security Strategy hi@safeguard.sh (Nayan Dey) <![CDATA[Linux Kernel Supply Chain Security: How the World's Largest Project Protects Itself]]> https://safeguard.sh/resources/blog/linux-kernel-supply-chain-security https://safeguard.sh/resources/blog/linux-kernel-supply-chain-security Thu, 08 Sep 2022 00:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Security Misconfiguration Checklist: The Low-Hanging Fruit Attackers Love]]> https://safeguard.sh/resources/blog/security-misconfiguration-checklist https://safeguard.sh/resources/blog/security-misconfiguration-checklist Thu, 08 Sep 2022 00:00:00 GMT Application Security hi@safeguard.sh (Michael) <![CDATA[SSRF Exploitation in Cloud Environments]]> https://safeguard.sh/resources/blog/ssrf-exploitation-cloud-environments https://safeguard.sh/resources/blog/ssrf-exploitation-cloud-environments Mon, 05 Sep 2022 10:00:00 GMT Cloud Security hi@safeguard.sh (Alex) <![CDATA[The State of Software Supply Chain Attacks: Mid-2022 Report]]> https://safeguard.sh/resources/blog/software-supply-chain-attacks-state-of-2022 https://safeguard.sh/resources/blog/software-supply-chain-attacks-state-of-2022 Thu, 01 Sep 2022 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Bob) <![CDATA[SLSA vs SSDF vs S2C2F: Framework Comparison]]> https://safeguard.sh/resources/blog/supply-chain-integrity-framework-comparison-2022 https://safeguard.sh/resources/blog/supply-chain-integrity-framework-comparison-2022 Tue, 30 Aug 2022 12:00:00 GMT Regulatory Compliance hi@safeguard.sh (Nayan Dey) <![CDATA[Build Artifact Integrity Verification: From Source to Deployment]]> https://safeguard.sh/resources/blog/build-artifact-integrity-verification https://safeguard.sh/resources/blog/build-artifact-integrity-verification Sun, 28 Aug 2022 09:00:00 GMT DevSecOps hi@safeguard.sh (Alex) <![CDATA[LastPass Breach: How a Compromised Developer Environment Exposed Millions]]> https://safeguard.sh/resources/blog/lastpass-security-breach-developer-environment https://safeguard.sh/resources/blog/lastpass-security-breach-developer-environment Thu, 25 Aug 2022 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (James) <![CDATA[Plex Data Breach: 20 Million Users Forced to Reset Passwords]]> https://safeguard.sh/resources/blog/plex-data-breach-august-2022 https://safeguard.sh/resources/blog/plex-data-breach-august-2022 Wed, 24 Aug 2022 10:00:00 GMT Data Breach hi@safeguard.sh (Nayan Dey) <![CDATA[GitLab Critical RCE (CVE-2022-2884): Remote Code Execution via GitHub Import]]> https://safeguard.sh/resources/blog/gitlab-critical-vulnerability-cve-2022-2884 https://safeguard.sh/resources/blog/gitlab-critical-vulnerability-cve-2022-2884 Mon, 22 Aug 2022 13:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Alex) <![CDATA[Setting Up Dependency Scanning on GitHub]]> https://safeguard.sh/resources/blog/setting-up-dependency-scanning-github https://safeguard.sh/resources/blog/setting-up-dependency-scanning-github Mon, 22 Aug 2022 11:00:00 GMT How-To Guide hi@safeguard.sh (James) <![CDATA[Infrastructure as Code Security: Scanning Terraform, CloudFormation, and Kubernetes Manifests]]> https://safeguard.sh/resources/blog/infrastructure-as-code-security-scanning https://safeguard.sh/resources/blog/infrastructure-as-code-security-scanning Mon, 22 Aug 2022 10:00:00 GMT Cloud Security hi@safeguard.sh (Shadab Khan) <![CDATA[Building a Security Team from Scratch]]> https://safeguard.sh/resources/blog/building-security-team-from-scratch https://safeguard.sh/resources/blog/building-security-team-from-scratch Mon, 22 Aug 2022 00:00:00 GMT Organizational Security hi@safeguard.sh (James) <![CDATA[Malicious GitHub Commits: The Overlooked Supply Chain Attack Vector]]> https://safeguard.sh/resources/blog/malicious-github-commits-supply-chain-risk https://safeguard.sh/resources/blog/malicious-github-commits-supply-chain-risk Sat, 20 Aug 2022 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Yukti Singhal) <![CDATA[Software Supply Chain Security in Banking: A Practical Guide]]> https://safeguard.sh/resources/blog/software-supply-chain-security-banking https://safeguard.sh/resources/blog/software-supply-chain-security-banking Sat, 20 Aug 2022 09:00:00 GMT Industry Guides hi@safeguard.sh (Nayan Dey) <![CDATA[Open Source Security Bounty Programs: Do They Actually Work?]]> https://safeguard.sh/resources/blog/open-source-security-bounty-programs https://safeguard.sh/resources/blog/open-source-security-bounty-programs Thu, 18 Aug 2022 00:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[Supply Chain Security for Government Agencies]]> https://safeguard.sh/resources/blog/supply-chain-security-for-government-agencies https://safeguard.sh/resources/blog/supply-chain-security-for-government-agencies Thu, 18 Aug 2022 00:00:00 GMT Supply Chain Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Securing GitHub Actions: Hardening Your CI/CD Supply Chain]]> https://safeguard.sh/resources/blog/securing-github-actions-supply-chain https://safeguard.sh/resources/blog/securing-github-actions-supply-chain Mon, 15 Aug 2022 10:00:00 GMT DevSecOps hi@safeguard.sh (Bob) <![CDATA[Security Metrics That Matter: A CISO Guide]]> https://safeguard.sh/resources/blog/security-metrics-that-matter-ciso-guide https://safeguard.sh/resources/blog/security-metrics-that-matter-ciso-guide Mon, 15 Aug 2022 09:00:00 GMT Analysis hi@safeguard.sh (Yukti Singhal) <![CDATA[eBPF for Security Monitoring: What It Can and Cannot Do]]> https://safeguard.sh/resources/blog/ebpf-security-monitoring-applications https://safeguard.sh/resources/blog/ebpf-security-monitoring-applications Fri, 12 Aug 2022 10:00:00 GMT Runtime Security hi@safeguard.sh (Michael) <![CDATA[Docker Image Layer Security Analysis: What Lurks Beneath Your Containers]]> https://safeguard.sh/resources/blog/docker-image-layer-security-analysis https://safeguard.sh/resources/blog/docker-image-layer-security-analysis Fri, 12 Aug 2022 00:00:00 GMT Container Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Trivy for SBOM Generation and Vulnerability Scanning]]> https://safeguard.sh/resources/blog/trivy-sbom-generation-scanning https://safeguard.sh/resources/blog/trivy-sbom-generation-scanning Fri, 12 Aug 2022 00:00:00 GMT SBOM hi@safeguard.sh (Michael) <![CDATA[Zimbra CVE-2022-37042: Authentication Bypass in a Widely Used Email Platform]]> https://safeguard.sh/resources/blog/zimbra-cve-2022-37042-authentication-bypass https://safeguard.sh/resources/blog/zimbra-cve-2022-37042-authentication-bypass Wed, 10 Aug 2022 10:00:00 GMT Zero-Day Exploits hi@safeguard.sh (Alex) <![CDATA[0ktapus: The Phishing Campaign That Hit Cloudflare, Twilio, and 130+ Organizations]]> https://safeguard.sh/resources/blog/cloudflare-twilio-0ktapus-phishing-campaign https://safeguard.sh/resources/blog/cloudflare-twilio-0ktapus-phishing-campaign Mon, 08 Aug 2022 10:00:00 GMT Incident Response hi@safeguard.sh (Shadab Khan) <![CDATA[Docker Security Best Practices for Developers]]> https://safeguard.sh/resources/blog/docker-security-best-practices-developers https://safeguard.sh/resources/blog/docker-security-best-practices-developers Mon, 08 Aug 2022 10:00:00 GMT DevSecOps hi@safeguard.sh (Michael) <![CDATA[pip Install Hooks Security Risks: Code Execution During Package Installation]]> https://safeguard.sh/resources/blog/pip-install-hooks-security-risks https://safeguard.sh/resources/blog/pip-install-hooks-security-risks Mon, 08 Aug 2022 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (James) <![CDATA[Startup Security at Seed Stage: What to Prioritize When Resources Are Scarce]]> https://safeguard.sh/resources/blog/startup-security-seed-stage-guide https://safeguard.sh/resources/blog/startup-security-seed-stage-guide Mon, 08 Aug 2022 00:00:00 GMT Startup Security hi@safeguard.sh (Michael) <![CDATA[Mutation Testing for Security Validation: Testing Your Tests]]> https://safeguard.sh/resources/blog/mutation-testing-security-validation https://safeguard.sh/resources/blog/mutation-testing-security-validation Fri, 05 Aug 2022 10:00:00 GMT Application Security hi@safeguard.sh (Shadab Khan) <![CDATA[NoSQL Injection and MongoDB: Prevention Guide]]> https://safeguard.sh/resources/blog/nosql-injection-mongodb-prevention https://safeguard.sh/resources/blog/nosql-injection-mongodb-prevention Fri, 05 Aug 2022 10:00:00 GMT Application Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Reproducible Builds: The Gold Standard for Supply Chain Integrity]]> https://safeguard.sh/resources/blog/reproducible-builds-supply-chain-integrity https://safeguard.sh/resources/blog/reproducible-builds-supply-chain-integrity Mon, 01 Aug 2022 10:00:00 GMT DevSecOps hi@safeguard.sh (James) <![CDATA[AWS Inspector V2 Container Scanning: What Changed and Why It Matters]]> https://safeguard.sh/resources/blog/aws-inspector-v2-container-scanning https://safeguard.sh/resources/blog/aws-inspector-v2-container-scanning Thu, 28 Jul 2022 10:00:00 GMT Cloud Security hi@safeguard.sh (Michael) <![CDATA[Zero Trust Architecture for the Software Supply Chain]]> https://safeguard.sh/resources/blog/zero-trust-architecture-software-supply-chain https://safeguard.sh/resources/blog/zero-trust-architecture-software-supply-chain Thu, 28 Jul 2022 10:00:00 GMT DevSecOps hi@safeguard.sh (Bob) <![CDATA[Microservices Security Architecture: A Supply Chain Perspective]]> https://safeguard.sh/resources/blog/microservices-security-architecture-guide https://safeguard.sh/resources/blog/microservices-security-architecture-guide Mon, 25 Jul 2022 11:00:00 GMT Architecture hi@safeguard.sh (Alex) <![CDATA[Clippy Rust Security Lints: Catching What the Borrow Checker Misses]]> https://safeguard.sh/resources/blog/clippy-rust-security-lints https://safeguard.sh/resources/blog/clippy-rust-security-lints Fri, 22 Jul 2022 10:00:00 GMT Secure Development hi@safeguard.sh (Shadab Khan) <![CDATA[Twitter Data Breach: 5.4 Million Accounts Exposed Through an API Vulnerability]]> https://safeguard.sh/resources/blog/twitter-54-million-data-breach https://safeguard.sh/resources/blog/twitter-54-million-data-breach Fri, 22 Jul 2022 10:00:00 GMT Data Breach hi@safeguard.sh (Yukti Singhal) <![CDATA[Brazil's LGPD and Its Implications for Software Security]]> https://safeguard.sh/resources/blog/brazil-lgpd-software-security-implications https://safeguard.sh/resources/blog/brazil-lgpd-software-security-implications Fri, 22 Jul 2022 08:00:00 GMT Compliance hi@safeguard.sh (James) <![CDATA[Atlassian Questions for Confluence CVE-2022-26138: A Hardcoded Password That Gave Away the Keys]]> https://safeguard.sh/resources/blog/atlassian-questions-for-confluence-cve-2022-26138 https://safeguard.sh/resources/blog/atlassian-questions-for-confluence-cve-2022-26138 Wed, 20 Jul 2022 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Bob) <![CDATA[VEX Explained: How Vulnerability Exploitability Exchange Cuts Through Alert Noise]]> https://safeguard.sh/resources/blog/vex-vulnerability-exploitability-exchange-guide https://safeguard.sh/resources/blog/vex-vulnerability-exploitability-exchange-guide Wed, 20 Jul 2022 10:00:00 GMT DevSecOps hi@safeguard.sh (Michael) <![CDATA[The Open Source Software Bill of Rights]]> https://safeguard.sh/resources/blog/open-source-software-bill-of-rights https://safeguard.sh/resources/blog/open-source-software-bill-of-rights Wed, 20 Jul 2022 00:00:00 GMT Open Source Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Bug Bounty Programs with a Supply Chain Focus]]> https://safeguard.sh/resources/blog/bug-bounty-programs-supply-chain-focus https://safeguard.sh/resources/blog/bug-bounty-programs-supply-chain-focus Mon, 18 Jul 2022 00:00:00 GMT Offensive Security hi@safeguard.sh (Michael) <![CDATA[NIST CSF Updates Put Supply Chain Risk Management Front and Center]]> https://safeguard.sh/resources/blog/nist-csf-update-supply-chain-risk-management https://safeguard.sh/resources/blog/nist-csf-update-supply-chain-risk-management Fri, 15 Jul 2022 10:00:00 GMT Compliance & Regulations hi@safeguard.sh (Nayan Dey) <![CDATA[GitHub Actions Security Best Practices in 2022]]> https://safeguard.sh/resources/blog/github-actions-security-best-practices-2022 https://safeguard.sh/resources/blog/github-actions-security-best-practices-2022 Fri, 15 Jul 2022 00:00:00 GMT DevSecOps hi@safeguard.sh (Yukti Singhal) <![CDATA[Azure AD Token Theft Campaigns: A 2022 Retrospective]]> https://safeguard.sh/resources/blog/azure-ad-token-theft-retrospective-2022 https://safeguard.sh/resources/blog/azure-ad-token-theft-retrospective-2022 Thu, 14 Jul 2022 12:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[BlackCat/ALPHV Ransomware: Rust-Based Innovation and Supply Chain Exploitation]]> https://safeguard.sh/resources/blog/blackcat-alphv-ransomware-supply-chain https://safeguard.sh/resources/blog/blackcat-alphv-ransomware-supply-chain Tue, 12 Jul 2022 10:00:00 GMT Ransomware hi@safeguard.sh (James) <![CDATA[JavaScript Dependency Security: The Complete Guide]]> https://safeguard.sh/resources/blog/javascript-dependency-security-complete-guide https://safeguard.sh/resources/blog/javascript-dependency-security-complete-guide Tue, 12 Jul 2022 10:00:00 GMT Dependency Security hi@safeguard.sh (Yukti Singhal) <![CDATA[NGINX Security Configuration Guide for Production Deployments]]> https://safeguard.sh/resources/blog/nginx-security-configuration-guide https://safeguard.sh/resources/blog/nginx-security-configuration-guide Tue, 12 Jul 2022 10:00:00 GMT Infrastructure Security hi@safeguard.sh (Alex) <![CDATA[Notary v2 Content Trust: A Practical Implementation Guide]]> https://safeguard.sh/resources/blog/notary-v2-content-trust-guide https://safeguard.sh/resources/blog/notary-v2-content-trust-guide Tue, 12 Jul 2022 10:00:00 GMT Supply Chain Security hi@safeguard.sh (Nayan Dey) <![CDATA[Memory Safety Bugs in C/C++ Dependencies: The Hidden Risk in Your Software Supply Chain]]> https://safeguard.sh/resources/blog/memory-safety-bugs-c-cpp-dependencies https://safeguard.sh/resources/blog/memory-safety-bugs-c-cpp-dependencies Fri, 08 Jul 2022 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Protocol Buffer Security Considerations Beyond Serialization]]> https://safeguard.sh/resources/blog/protocol-buffer-security-considerations https://safeguard.sh/resources/blog/protocol-buffer-security-considerations Fri, 08 Jul 2022 10:00:00 GMT Application Security hi@safeguard.sh (Nayan Dey) <![CDATA[CDN Supply Chain Security Risks You Should Know]]> https://safeguard.sh/resources/blog/cdn-supply-chain-security-risks https://safeguard.sh/resources/blog/cdn-supply-chain-security-risks Fri, 08 Jul 2022 00:00:00 GMT Infrastructure Security hi@safeguard.sh (James) <![CDATA[SAST vs DAST vs IAST: Which Application Security Testing Approach Fits Your Pipeline?]]> https://safeguard.sh/resources/blog/sast-vs-dast-vs-iast-comparison https://safeguard.sh/resources/blog/sast-vs-dast-vs-iast-comparison Fri, 08 Jul 2022 00:00:00 GMT Application Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Dark Web Monitoring for Supply Chain Threats]]> https://safeguard.sh/resources/blog/dark-web-monitoring-supply-chain https://safeguard.sh/resources/blog/dark-web-monitoring-supply-chain Tue, 05 Jul 2022 10:00:00 GMT Threat Intelligence hi@safeguard.sh (Nayan Dey) <![CDATA[How to Create Your First SBOM]]> https://safeguard.sh/resources/blog/how-to-create-your-first-sbom https://safeguard.sh/resources/blog/how-to-create-your-first-sbom Tue, 05 Jul 2022 10:00:00 GMT How-To Guide hi@safeguard.sh (Yukti Singhal) <![CDATA[npm Lockfile Injection Attacks: How Tampered package-lock.json Files Compromise Builds]]> https://safeguard.sh/resources/blog/npm-lockfile-injection-attacks https://safeguard.sh/resources/blog/npm-lockfile-injection-attacks Tue, 05 Jul 2022 10:00:00 GMT Software Supply Chain Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Retbleed: The Spectre Variant That Haunts Modern CPUs (CVE-2022-29900)]]> https://safeguard.sh/resources/blog/retbleed-spectre-variant-cve-2022-29900-analysis https://safeguard.sh/resources/blog/retbleed-spectre-variant-cve-2022-29900-analysis Tue, 05 Jul 2022 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Yukti Singhal) <![CDATA[WebAssembly Security: A Deep Dive into the Sandbox Model]]> https://safeguard.sh/resources/blog/webassembly-security-sandbox-analysis https://safeguard.sh/resources/blog/webassembly-security-sandbox-analysis Tue, 05 Jul 2022 10:00:00 GMT Application Security hi@safeguard.sh (Bob) <![CDATA[Docker Scout for Container Security Analysis: A Practical Guide]]> https://safeguard.sh/resources/blog/docker-scout-container-analysis-guide https://safeguard.sh/resources/blog/docker-scout-container-analysis-guide Tue, 05 Jul 2022 00:00:00 GMT Container Security hi@safeguard.sh (Michael) <![CDATA[Open Source Governance: Building an Enterprise Framework]]> https://safeguard.sh/resources/blog/open-source-governance-enterprise-framework https://safeguard.sh/resources/blog/open-source-governance-enterprise-framework Tue, 28 Jun 2022 11:00:00 GMT Governance hi@safeguard.sh (Bob) <![CDATA[India's CERT-In Cybersecurity Directives: Six-Hour Reporting and Beyond]]> https://safeguard.sh/resources/blog/india-cert-in-cyber-security-directives https://safeguard.sh/resources/blog/india-cert-in-cyber-security-directives Tue, 28 Jun 2022 10:00:00 GMT Compliance hi@safeguard.sh (Alex) <![CDATA[Dependency Update Strategies for Large Codebases]]> https://safeguard.sh/resources/blog/dependency-update-strategies-for-large-codebases https://safeguard.sh/resources/blog/dependency-update-strategies-for-large-codebases Sat, 25 Jun 2022 09:00:00 GMT Software Supply Chain hi@safeguard.sh (Yukti Singhal) <![CDATA[The GitHub Codespaces Security Model, Examined]]> https://safeguard.sh/resources/blog/github-codespaces-security-model-2022 https://safeguard.sh/resources/blog/github-codespaces-security-model-2022 Wed, 22 Jun 2022 12:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[Terraform Security Scanning: What to Scan, When, and How]]> https://safeguard.sh/resources/blog/terraform-security-scanning-best-practices https://safeguard.sh/resources/blog/terraform-security-scanning-best-practices Wed, 22 Jun 2022 10:00:00 GMT Infrastructure Security hi@safeguard.sh (James) <![CDATA[Managing End-of-Life Software Dependencies]]> https://safeguard.sh/resources/blog/managing-eol-software-dependencies https://safeguard.sh/resources/blog/managing-eol-software-dependencies Wed, 22 Jun 2022 09:00:00 GMT Dependency Management hi@safeguard.sh (Yukti Singhal) <![CDATA[Secrets Management: Preventing Credential Leaks in Your Software Supply Chain]]> https://safeguard.sh/resources/blog/secrets-management-preventing-credential-leaks https://safeguard.sh/resources/blog/secrets-management-preventing-credential-leaks Wed, 22 Jun 2022 09:00:00 GMT Application Security hi@safeguard.sh (James) <![CDATA[Environment Variable Injection in CI/CD: The Invisible Attack Surface]]> https://safeguard.sh/resources/blog/environment-variable-injection-cicd https://safeguard.sh/resources/blog/environment-variable-injection-cicd Mon, 20 Jun 2022 10:00:00 GMT DevSecOps hi@safeguard.sh (Bob) <![CDATA[ESLint Security Rules Configuration: A Practical Guide]]> https://safeguard.sh/resources/blog/eslint-security-rules-configuration https://safeguard.sh/resources/blog/eslint-security-rules-configuration Mon, 20 Jun 2022 10:00:00 GMT DevSecOps hi@safeguard.sh (Michael) <![CDATA[Ruby Gems Supply Chain Security]]> https://safeguard.sh/resources/blog/ruby-gems-supply-chain-security https://safeguard.sh/resources/blog/ruby-gems-supply-chain-security Mon, 20 Jun 2022 10:00:00 GMT Dependency Security hi@safeguard.sh (Michael) <![CDATA[Securing Terraform Infrastructure as Code: A Practitioner's Guide]]> https://safeguard.sh/resources/blog/securing-terraform-infrastructure-as-code https://safeguard.sh/resources/blog/securing-terraform-infrastructure-as-code Sat, 18 Jun 2022 09:00:00 GMT Infrastructure Security hi@safeguard.sh (Shadab Khan) <![CDATA[Flux CD GitOps Security Practices]]> https://safeguard.sh/resources/blog/flux-cd-gitops-security-practices https://safeguard.sh/resources/blog/flux-cd-gitops-security-practices Sat, 18 Jun 2022 00:00:00 GMT DevSecOps hi@safeguard.sh (Michael) <![CDATA[Building a Supply Chain Risk Appetite Framework]]> https://safeguard.sh/resources/blog/supply-chain-risk-appetite-framework https://safeguard.sh/resources/blog/supply-chain-risk-appetite-framework Sat, 18 Jun 2022 00:00:00 GMT Risk Management hi@safeguard.sh (Alex) <![CDATA[CPE Naming Convention and the Vulnerability Matching Problem]]> https://safeguard.sh/resources/blog/cpe-naming-convention-vulnerability-matching https://safeguard.sh/resources/blog/cpe-naming-convention-vulnerability-matching Wed, 15 Jun 2022 10:00:00 GMT Vulnerability Management hi@safeguard.sh (James) <![CDATA[Shifting Left Without Slowing Down]]> https://safeguard.sh/resources/blog/shifting-left-without-slowing-down https://safeguard.sh/resources/blog/shifting-left-without-slowing-down Wed, 15 Jun 2022 10:00:00 GMT Best Practices hi@safeguard.sh (Nayan Dey) <![CDATA[The OWASP Top 10 (2021) Through a Supply Chain Security Lens]]> https://safeguard.sh/resources/blog/owasp-top-10-2021-supply-chain-perspective https://safeguard.sh/resources/blog/owasp-top-10-2021-supply-chain-perspective Wed, 15 Jun 2022 00:00:00 GMT Application Security hi@safeguard.sh (Michael) <![CDATA[The Log4Shell Response Playbook Six Months In]]> https://safeguard.sh/resources/blog/log4shell-response-playbook-six-months-in https://safeguard.sh/resources/blog/log4shell-response-playbook-six-months-in Sun, 12 Jun 2022 12:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Linux Distribution Package Signing: How It Actually Works]]> https://safeguard.sh/resources/blog/linux-distribution-package-signing https://safeguard.sh/resources/blog/linux-distribution-package-signing Sun, 12 Jun 2022 10:00:00 GMT Supply Chain Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Mobile App Store Security Bypass: How Malicious Apps Evade Review]]> https://safeguard.sh/resources/blog/mobile-app-store-security-bypass https://safeguard.sh/resources/blog/mobile-app-store-security-bypass Sun, 12 Jun 2022 10:00:00 GMT Mobile Security hi@safeguard.sh (Bob) <![CDATA[Electron App Supply Chain Security: Desktop Apps Built on Web Dependencies]]> https://safeguard.sh/resources/blog/electron-app-supply-chain-security https://safeguard.sh/resources/blog/electron-app-supply-chain-security Sun, 12 Jun 2022 00:00:00 GMT Application Security hi@safeguard.sh (Nayan Dey) <![CDATA[Follina (CVE-2022-30190): The Microsoft Zero-Day That Bypassed Macro Protections]]> https://safeguard.sh/resources/blog/follina-cve-2022-30190-microsoft-zero-day https://safeguard.sh/resources/blog/follina-cve-2022-30190-microsoft-zero-day Fri, 10 Jun 2022 09:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Container Runtime Security Monitoring: Catching What Scanners Miss]]> https://safeguard.sh/resources/blog/container-runtime-security-monitoring https://safeguard.sh/resources/blog/container-runtime-security-monitoring Wed, 08 Jun 2022 11:00:00 GMT Container Security hi@safeguard.sh (Nayan Dey) <![CDATA[AWS Supply Chain Security Best Practices You Should Adopt Today]]> https://safeguard.sh/resources/blog/aws-supply-chain-security-best-practices https://safeguard.sh/resources/blog/aws-supply-chain-security-best-practices Wed, 08 Jun 2022 10:00:00 GMT Cloud Security hi@safeguard.sh (Yukti Singhal) <![CDATA[TLS Configuration Security Audit: What to Check and How]]> https://safeguard.sh/resources/blog/tls-configuration-security-audit https://safeguard.sh/resources/blog/tls-configuration-security-audit Wed, 08 Jun 2022 10:00:00 GMT Application Security hi@safeguard.sh (Alex) <![CDATA[Kubernetes Supply Chain Policy Engines: Enforcing What Gets Deployed]]> https://safeguard.sh/resources/blog/kubernetes-supply-chain-policy-engine https://safeguard.sh/resources/blog/kubernetes-supply-chain-policy-engine Wed, 08 Jun 2022 00:00:00 GMT Kubernetes Security hi@safeguard.sh (Alex) <![CDATA[Security Headers Implementation Checklist: Hardening Your Web Application]]> https://safeguard.sh/resources/blog/security-headers-implementation-checklist https://safeguard.sh/resources/blog/security-headers-implementation-checklist Sun, 05 Jun 2022 10:00:00 GMT Web Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Software-Defined Perimeters for Supply Chain Security]]> https://safeguard.sh/resources/blog/software-defined-perimeter-supply-chain https://safeguard.sh/resources/blog/software-defined-perimeter-supply-chain Sun, 05 Jun 2022 10:00:00 GMT Network Security hi@safeguard.sh (Michael) <![CDATA[Hardware Supply Chain Trust Boundaries]]> https://safeguard.sh/resources/blog/hardware-supply-chain-trust-boundaries https://safeguard.sh/resources/blog/hardware-supply-chain-trust-boundaries Sun, 05 Jun 2022 00:00:00 GMT Hardware Security hi@safeguard.sh (Alex) <![CDATA[SBOM 101: A Complete Beginner's Guide to Software Bill of Materials]]> https://safeguard.sh/resources/blog/sbom-101-complete-beginners-guide https://safeguard.sh/resources/blog/sbom-101-complete-beginners-guide Sun, 05 Jun 2022 00:00:00 GMT SBOM hi@safeguard.sh (Yukti Singhal) <![CDATA[Confluence Zero-Day (CVE-2022-26134): Atlassian's OGNL Injection Crisis]]> https://safeguard.sh/resources/blog/confluence-cve-2022-26134-atlassian-zero-day https://safeguard.sh/resources/blog/confluence-cve-2022-26134-atlassian-zero-day Fri, 03 Jun 2022 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (James) <![CDATA[Evaluating Open Source Alternatives Through a Security Lens]]> https://safeguard.sh/resources/blog/open-source-alternative-evaluation-security https://safeguard.sh/resources/blog/open-source-alternative-evaluation-security Sat, 28 May 2022 09:00:00 GMT Dependency Management hi@safeguard.sh (Nayan Dey) <![CDATA[Software Provenance Tracking: From Source to Production]]> https://safeguard.sh/resources/blog/software-provenance-tracking-best-practices https://safeguard.sh/resources/blog/software-provenance-tracking-best-practices Sat, 28 May 2022 09:00:00 GMT DevSecOps hi@safeguard.sh (Michael) <![CDATA[Shield Health Group Data Breach: 2 Million Patient Records Exposed]]> https://safeguard.sh/resources/blog/shield-health-group-data-breach https://safeguard.sh/resources/blog/shield-health-group-data-breach Fri, 27 May 2022 10:00:00 GMT Healthcare Security hi@safeguard.sh (Bob) <![CDATA[Broken Access Control: The Number One Web Vulnerability and How to Fix It]]> https://safeguard.sh/resources/blog/broken-access-control-prevention-guide https://safeguard.sh/resources/blog/broken-access-control-prevention-guide Wed, 25 May 2022 00:00:00 GMT Application Security hi@safeguard.sh (Alex) <![CDATA[General Motors Credential Stuffing Attack: Loyalty Points Theft at Scale]]> https://safeguard.sh/resources/blog/general-motors-credential-stuffing https://safeguard.sh/resources/blog/general-motors-credential-stuffing Tue, 24 May 2022 10:00:00 GMT Credential Attacks hi@safeguard.sh (Alex) <![CDATA[Red Hat JBoss Vulnerability Exploitation: The Persistent Threat of Java Middleware]]> https://safeguard.sh/resources/blog/red-hat-jboss-vulnerability-exploitation https://safeguard.sh/resources/blog/red-hat-jboss-vulnerability-exploitation Sun, 22 May 2022 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Bob) <![CDATA[Open Source Funding Models and Their Impact on Security]]> https://safeguard.sh/resources/blog/open-source-funding-models-security https://safeguard.sh/resources/blog/open-source-funding-models-security Sun, 22 May 2022 00:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[PyPI Supply Chain Attacks: The ctx Package Compromise]]> https://safeguard.sh/resources/blog/pypi-supply-chain-attacks-ctx-package https://safeguard.sh/resources/blog/pypi-supply-chain-attacks-ctx-package Fri, 20 May 2022 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Shadab Khan) <![CDATA[Image Parsing Vulnerabilities in Dependencies: The Pixel-Level Threat]]> https://safeguard.sh/resources/blog/image-parsing-vulnerabilities-dependencies https://safeguard.sh/resources/blog/image-parsing-vulnerabilities-dependencies Wed, 18 May 2022 10:00:00 GMT Vulnerability Management hi@safeguard.sh (Michael) <![CDATA[Secure Coding Practices: A Developer's Guide]]> https://safeguard.sh/resources/blog/secure-coding-practices-developers-guide https://safeguard.sh/resources/blog/secure-coding-practices-developers-guide Wed, 18 May 2022 10:00:00 GMT Best Practices hi@safeguard.sh (Alex) <![CDATA[Why Dependency Pinning Alone Is Not Enough]]> https://safeguard.sh/resources/blog/why-dependency-pinning-alone-is-not-enough https://safeguard.sh/resources/blog/why-dependency-pinning-alone-is-not-enough Tue, 17 May 2022 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Maven Central Supply Chain Risks: Securing the Java Ecosystem]]> https://safeguard.sh/resources/blog/maven-central-supply-chain-risks https://safeguard.sh/resources/blog/maven-central-supply-chain-risks Sun, 15 May 2022 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Nayan Dey) <![CDATA[OCI Artifact Signing Standards: Making Sense of the Landscape]]> https://safeguard.sh/resources/blog/oci-artifact-signing-standards https://safeguard.sh/resources/blog/oci-artifact-signing-standards Thu, 12 May 2022 10:00:00 GMT Supply Chain Security hi@safeguard.sh (Michael) <![CDATA[SAML Security in a Supply Chain Context]]> https://safeguard.sh/resources/blog/saml-security-supply-chain-context https://safeguard.sh/resources/blog/saml-security-supply-chain-context Thu, 12 May 2022 10:00:00 GMT Identity Security hi@safeguard.sh (James) <![CDATA[Zyxel Firewall CVE-2022-30525: Unauthenticated Command Injection in Your Perimeter Defense]]> https://safeguard.sh/resources/blog/zyxel-firewall-cve-2022-30525-rce https://safeguard.sh/resources/blog/zyxel-firewall-cve-2022-30525-rce Thu, 12 May 2022 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (James) <![CDATA[Docker Container Escape Vulnerabilities: Techniques and Defenses]]> https://safeguard.sh/resources/blog/docker-container-escape-vulnerabilities https://safeguard.sh/resources/blog/docker-container-escape-vulnerabilities Thu, 12 May 2022 09:00:00 GMT Container Security hi@safeguard.sh (Alex) <![CDATA[CycloneDX Specification Deep Dive: Beyond the Basics]]> https://safeguard.sh/resources/blog/cyclonedx-specification-deep-dive https://safeguard.sh/resources/blog/cyclonedx-specification-deep-dive Thu, 12 May 2022 00:00:00 GMT SBOM hi@safeguard.sh (Michael) <![CDATA[CISA SBOM Guidance: What Government Agencies Need to Know]]> https://safeguard.sh/resources/blog/cisa-sbom-guidance-for-government-agencies https://safeguard.sh/resources/blog/cisa-sbom-guidance-for-government-agencies Tue, 10 May 2022 11:00:00 GMT Compliance & Regulations hi@safeguard.sh (Bob) <![CDATA[Regular Expression Denial of Service (ReDoS): Detection and Prevention]]> https://safeguard.sh/resources/blog/regex-denial-of-service-redos-prevention https://safeguard.sh/resources/blog/regex-denial-of-service-redos-prevention Sun, 08 May 2022 10:00:00 GMT Application Security hi@safeguard.sh (Michael) <![CDATA[Feature Flags Security Implications]]> https://safeguard.sh/resources/blog/feature-flags-security-implications https://safeguard.sh/resources/blog/feature-flags-security-implications Sun, 08 May 2022 00:00:00 GMT DevSecOps hi@safeguard.sh (Alex) <![CDATA[File Upload Vulnerability Prevention: A Practical Guide]]> https://safeguard.sh/resources/blog/file-upload-vulnerability-prevention https://safeguard.sh/resources/blog/file-upload-vulnerability-prevention Thu, 05 May 2022 10:00:00 GMT Web Security hi@safeguard.sh (Bob) <![CDATA[NIST SP 800-218 (SSDF) Final Publication: What It Means for Your Organization]]> https://safeguard.sh/resources/blog/nist-sp-800-218-ssdf-final-publication https://safeguard.sh/resources/blog/nist-sp-800-218-ssdf-final-publication Thu, 05 May 2022 10:00:00 GMT Compliance & Regulations hi@safeguard.sh (James) <![CDATA[CI/CD Pipeline Audit Logging: What to Capture and Why]]> https://safeguard.sh/resources/blog/cicd-pipeline-audit-logging https://safeguard.sh/resources/blog/cicd-pipeline-audit-logging Thu, 28 Apr 2022 09:00:00 GMT DevSecOps hi@safeguard.sh (Bob) <![CDATA[OpenSSF Alpha-Omega Project: Securing Open Source at Scale]]> https://safeguard.sh/resources/blog/openssf-alpha-omega-project-securing-open-source https://safeguard.sh/resources/blog/openssf-alpha-omega-project-securing-open-source Thu, 28 Apr 2022 09:00:00 GMT Open Source Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Ephemeral Environments for Security Testing: A Modern Approach]]> https://safeguard.sh/resources/blog/ephemeral-environments-security-testing https://safeguard.sh/resources/blog/ephemeral-environments-security-testing Mon, 25 Apr 2022 10:00:00 GMT DevSecOps hi@safeguard.sh (Shadab Khan) <![CDATA[npm Supply Chain Attacks: 2022 Q1 Report]]> https://safeguard.sh/resources/blog/npm-supply-chain-attacks-2022-q1-report https://safeguard.sh/resources/blog/npm-supply-chain-attacks-2022-q1-report Wed, 20 Apr 2022 11:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Michael) <![CDATA[Costa Rica Conti Ransomware: The First Ransomware Attack to Trigger a National Emergency]]> https://safeguard.sh/resources/blog/costa-rica-conti-ransomware-national https://safeguard.sh/resources/blog/costa-rica-conti-ransomware-national Mon, 18 Apr 2022 10:00:00 GMT Ransomware hi@safeguard.sh (James) <![CDATA[Beanstalk Farms Governance Attack: $182 Million Stolen Through a Democratic Vote]]> https://safeguard.sh/resources/blog/beanstalk-defi-governance-attack https://safeguard.sh/resources/blog/beanstalk-defi-governance-attack Sun, 17 Apr 2022 10:00:00 GMT DeFi Security hi@safeguard.sh (Michael) <![CDATA[GitHub OAuth Token Theft: The Heroku and Travis CI Breach]]> https://safeguard.sh/resources/blog/github-oauth-token-theft-heroku-travis-ci https://safeguard.sh/resources/blog/github-oauth-token-theft-heroku-travis-ci Fri, 15 Apr 2022 14:00:00 GMT Incident Response hi@safeguard.sh (Alex) <![CDATA[Temp File Race Conditions in Build Systems: The TOCTOU Problem]]> https://safeguard.sh/resources/blog/temp-file-race-conditions-build-systems https://safeguard.sh/resources/blog/temp-file-race-conditions-build-systems Fri, 15 Apr 2022 10:00:00 GMT DevSecOps hi@safeguard.sh (James) <![CDATA[Azure DevOps Supply Chain Risks: Securing Your Microsoft CI/CD Pipeline]]> https://safeguard.sh/resources/blog/azure-devops-supply-chain-risks https://safeguard.sh/resources/blog/azure-devops-supply-chain-risks Fri, 15 Apr 2022 08:00:00 GMT Supply Chain Security hi@safeguard.sh (Bob) <![CDATA[Container Registry Hardening: The 2022 Baseline]]> https://safeguard.sh/resources/blog/container-registry-hardening-2022 https://safeguard.sh/resources/blog/container-registry-hardening-2022 Fri, 08 Apr 2022 12:00:00 GMT Container Security hi@safeguard.sh (Nayan Dey) <![CDATA[LAPSUS$ Group: Unconventional Attack Techniques That Embarrassed Big Tech]]> https://safeguard.sh/resources/blog/lapsus-group-attack-techniques-analysis https://safeguard.sh/resources/blog/lapsus-group-attack-techniques-analysis Fri, 08 Apr 2022 10:00:00 GMT Threat Actors hi@safeguard.sh (Shadab Khan) <![CDATA[SBOM Automation in CI/CD Pipelines: A Hands-On Guide]]> https://safeguard.sh/resources/blog/sbom-automation-in-ci-cd-pipelines https://safeguard.sh/resources/blog/sbom-automation-in-ci-cd-pipelines Fri, 08 Apr 2022 10:00:00 GMT DevSecOps hi@safeguard.sh (Bob) <![CDATA[Generating SBOMs with Syft: The Complete Guide]]> https://safeguard.sh/resources/blog/generating-sbom-with-syft-guide https://safeguard.sh/resources/blog/generating-sbom-with-syft-guide Fri, 08 Apr 2022 00:00:00 GMT SBOM hi@safeguard.sh (Alex) <![CDATA[VMware Workspace ONE CVE-2022-22954: Server-Side Template Injection Goes Enterprise]]> https://safeguard.sh/resources/blog/vmware-workspace-one-cve-2022-22954 https://safeguard.sh/resources/blog/vmware-workspace-one-cve-2022-22954 Wed, 06 Apr 2022 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Fuzz Testing Supply Chain Components: Finding Bugs Before Attackers Do]]> https://safeguard.sh/resources/blog/fuzz-testing-supply-chain-components https://safeguard.sh/resources/blog/fuzz-testing-supply-chain-components Tue, 05 Apr 2022 10:00:00 GMT Application Security hi@safeguard.sh (Nayan Dey) <![CDATA[Mailchimp Social Engineering Breach: How an Employee Hack Compromised Crypto Customers]]> https://safeguard.sh/resources/blog/mailchimp-social-engineering-breach https://safeguard.sh/resources/blog/mailchimp-social-engineering-breach Mon, 04 Apr 2022 10:00:00 GMT Social Engineering hi@safeguard.sh (Shadab Khan) <![CDATA[Spring4Shell (CVE-2022-22965) Response Analysis]]> https://safeguard.sh/resources/blog/spring4shell-cve-2022-22965-response-analysis https://safeguard.sh/resources/blog/spring4shell-cve-2022-22965-response-analysis Sat, 02 Apr 2022 12:00:00 GMT Vulnerability Management hi@safeguard.sh (Nayan Dey) <![CDATA[Spring4Shell vs Log4Shell: Comparing Two Java Framework Crises]]> https://safeguard.sh/resources/blog/spring4shell-vs-log4shell-comparison https://safeguard.sh/resources/blog/spring4shell-vs-log4shell-comparison Sat, 02 Apr 2022 09:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Spring4Shell (CVE-2022-22965): Remote Code Execution in Spring Framework]]> https://safeguard.sh/resources/blog/spring4shell-cve-2022-22965-analysis https://safeguard.sh/resources/blog/spring4shell-cve-2022-22965-analysis Thu, 31 Mar 2022 08:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Yukti Singhal) <![CDATA[Ronin Network Hack: $625 Million Stolen from Axie Infinity's Blockchain Bridge]]> https://safeguard.sh/resources/blog/ronin-network-hack-625-million https://safeguard.sh/resources/blog/ronin-network-hack-625-million Tue, 29 Mar 2022 10:00:00 GMT Cryptocurrency Security hi@safeguard.sh (Nayan Dey) <![CDATA[Microsoft LAPSUS$ Breach: Source Code Access and the Limits of Perimeter Security]]> https://safeguard.sh/resources/blog/microsoft-lapsus-breach-source-code-access https://safeguard.sh/resources/blog/microsoft-lapsus-breach-source-code-access Tue, 22 Mar 2022 15:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Vulnerability Disclosure Programs: Building Trust with Security Researchers]]> https://safeguard.sh/resources/blog/vulnerability-disclosure-programs-best-practices https://safeguard.sh/resources/blog/vulnerability-disclosure-programs-best-practices Tue, 22 Mar 2022 11:00:00 GMT Application Security hi@safeguard.sh (James) <![CDATA[Okta LAPSUS$ Breach: When Your Identity Provider Gets Compromised]]> https://safeguard.sh/resources/blog/okta-lapsus-breach-january-2022 https://safeguard.sh/resources/blog/okta-lapsus-breach-january-2022 Tue, 22 Mar 2022 09:00:00 GMT Incident Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[A First-Principles Guide to Artifact Signing in 2022]]> https://safeguard.sh/resources/blog/first-principles-artifact-signing-guide-2022 https://safeguard.sh/resources/blog/first-principles-artifact-signing-guide-2022 Sun, 20 Mar 2022 12:00:00 GMT Best Practices hi@safeguard.sh (Shadab Khan) <![CDATA[Kubernetes Supply Chain Security: Best Practices for 2022]]> https://safeguard.sh/resources/blog/kubernetes-supply-chain-security-best-practices https://safeguard.sh/resources/blog/kubernetes-supply-chain-security-best-practices Tue, 15 Mar 2022 09:00:00 GMT Container Security hi@safeguard.sh (Shadab Khan) <![CDATA[Certificate Authority Compromise and Supply Chain Risks]]> https://safeguard.sh/resources/blog/certificate-authority-compromise-risks https://safeguard.sh/resources/blog/certificate-authority-compromise-risks Sat, 12 Mar 2022 00:00:00 GMT PKI Security hi@safeguard.sh (Shadab Khan) <![CDATA[Dirty Pipe (CVE-2022-0847): A Deep Dive into the Linux Kernel Vulnerability]]> https://safeguard.sh/resources/blog/dirty-pipe-cve-2022-0847-linux-kernel-vulnerability https://safeguard.sh/resources/blog/dirty-pipe-cve-2022-0847-linux-kernel-vulnerability Mon, 07 Mar 2022 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Samsung LAPSUS$ Breach: 190GB of Source Code and the Cost of Insider Access]]> https://safeguard.sh/resources/blog/samsung-lapsus-breach-source-code-theft https://safeguard.sh/resources/blog/samsung-lapsus-breach-source-code-theft Mon, 07 Mar 2022 10:00:00 GMT Incident Analysis hi@safeguard.sh (Michael) <![CDATA[Conti Ransomware Leaks: What the Internal Files Revealed About Supply Chain Tools]]> https://safeguard.sh/resources/blog/conti-ransomware-leaks-supply-chain-tools https://safeguard.sh/resources/blog/conti-ransomware-leaks-supply-chain-tools Wed, 02 Mar 2022 10:00:00 GMT Ransomware hi@safeguard.sh (Nayan Dey) <![CDATA[NVIDIA LAPSUS$ Breach: Stolen Code Signing Certificates Used to Sign Malware]]> https://safeguard.sh/resources/blog/nvidia-lapsus-breach-code-signing-certificates https://safeguard.sh/resources/blog/nvidia-lapsus-breach-code-signing-certificates Tue, 01 Mar 2022 12:00:00 GMT Incident Analysis hi@safeguard.sh (Yukti Singhal) <![CDATA[Heroku and GitHub OAuth Token Theft: The Early Warning Signs]]> https://safeguard.sh/resources/blog/heroku-github-oauth-token-theft https://safeguard.sh/resources/blog/heroku-github-oauth-token-theft Fri, 25 Feb 2022 12:00:00 GMT Incident Response hi@safeguard.sh (Michael) <![CDATA[SolarWinds Lessons Two Years On: What Actually Changed]]> https://safeguard.sh/resources/blog/solarwinds-lessons-two-years-on https://safeguard.sh/resources/blog/solarwinds-lessons-two-years-on Fri, 18 Feb 2022 12:00:00 GMT Industry Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Event-Driven Architecture Security: Risks You Cannot Ignore]]> https://safeguard.sh/resources/blog/event-driven-architecture-security https://safeguard.sh/resources/blog/event-driven-architecture-security Fri, 18 Feb 2022 10:00:00 GMT Architecture Security hi@safeguard.sh (Bob) <![CDATA[Software Supply Chain Security for Startups: A Practical Guide]]> https://safeguard.sh/resources/blog/software-supply-chain-security-for-startups https://safeguard.sh/resources/blog/software-supply-chain-security-for-startups Tue, 15 Feb 2022 09:00:00 GMT DevSecOps hi@safeguard.sh (Alex) <![CDATA[Open Source License Compliance: A Practical Guide for 2022]]> https://safeguard.sh/resources/blog/open-source-license-compliance-guide-2022 https://safeguard.sh/resources/blog/open-source-license-compliance-guide-2022 Thu, 10 Feb 2022 08:00:00 GMT Compliance & Regulations hi@safeguard.sh (Yukti Singhal) <![CDATA[SAP ICM CVE-2022-22536: ICMAD Vulnerabilities Hit the Heart of Enterprise Software]]> https://safeguard.sh/resources/blog/sap-icmad-cve-2022-22536-critical https://safeguard.sh/resources/blog/sap-icmad-cve-2022-22536-critical Tue, 08 Feb 2022 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[SBOM Formats Compared: CycloneDX vs SPDX in 2022]]> https://safeguard.sh/resources/blog/sbom-formats-compared-cyclonedx-vs-spdx https://safeguard.sh/resources/blog/sbom-formats-compared-cyclonedx-vs-spdx Sat, 05 Feb 2022 10:00:00 GMT Compliance & Regulations hi@safeguard.sh (Bob) <![CDATA[Firmware Supply Chain Security Guide]]> https://safeguard.sh/resources/blog/firmware-supply-chain-security-guide https://safeguard.sh/resources/blog/firmware-supply-chain-security-guide Sat, 05 Feb 2022 00:00:00 GMT Hardware Security hi@safeguard.sh (Bob) <![CDATA[News Corp Breach: Chinese Espionage Targeted Journalists for Two Years]]> https://safeguard.sh/resources/blog/news-corp-china-espionage-breach https://safeguard.sh/resources/blog/news-corp-china-espionage-breach Fri, 04 Feb 2022 10:00:00 GMT Nation-State Threats hi@safeguard.sh (Yukti Singhal) <![CDATA[Polkit pkexec Privilege Escalation: CVE-2021-4034 (PwnKit)]]> https://safeguard.sh/resources/blog/polkit-pkexec-cve-2022-0847-dirty-pipe https://safeguard.sh/resources/blog/polkit-pkexec-cve-2022-0847-dirty-pipe Fri, 28 Jan 2022 14:00:00 GMT Vulnerability Analysis hi@safeguard.sh (James) <![CDATA[Rust Crate Supply Chain Security: Lessons from a Growing Ecosystem]]> https://safeguard.sh/resources/blog/rust-crate-supply-chain-security https://safeguard.sh/resources/blog/rust-crate-supply-chain-security Thu, 20 Jan 2022 11:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Red Cross Data Breach: Attackers Targeted the World's Most Vulnerable People]]> https://safeguard.sh/resources/blog/red-cross-data-breach-2022 https://safeguard.sh/resources/blog/red-cross-data-breach-2022 Thu, 20 Jan 2022 10:00:00 GMT Data Breach hi@safeguard.sh (Alex) <![CDATA[Log4j and the Maintainer Burnout Crisis Nobody Talks About]]> https://safeguard.sh/resources/blog/log4j-maintainer-burnout-lessons https://safeguard.sh/resources/blog/log4j-maintainer-burnout-lessons Tue, 18 Jan 2022 00:00:00 GMT Open Source Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Crypto.com Hack: $34 Million Stolen by Bypassing Two-Factor Authentication]]> https://safeguard.sh/resources/blog/crypto-com-hack-34-million https://safeguard.sh/resources/blog/crypto-com-hack-34-million Mon, 17 Jan 2022 10:00:00 GMT Cryptocurrency Security hi@safeguard.sh (Michael) <![CDATA[TypeScript Strict Mode Security Benefits: More Than Just Type Safety]]> https://safeguard.sh/resources/blog/typescript-strict-mode-security-benefits https://safeguard.sh/resources/blog/typescript-strict-mode-security-benefits Wed, 12 Jan 2022 10:00:00 GMT Secure Development hi@safeguard.sh (Michael) <![CDATA[colors.js and faker.js: When Maintainer Burnout Becomes a Supply Chain Crisis]]> https://safeguard.sh/resources/blog/colors-js-faker-js-open-source-maintainer-burnout https://safeguard.sh/resources/blog/colors-js-faker-js-open-source-maintainer-burnout Mon, 10 Jan 2022 09:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[node-ipc Protestware: When a Maintainer Weaponized the Supply Chain]]> https://safeguard.sh/resources/blog/node-ipc-protestware-peacenotwar-supply-chain https://safeguard.sh/resources/blog/node-ipc-protestware-peacenotwar-supply-chain Sat, 08 Jan 2022 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Yukti Singhal) <![CDATA[Software Supply Chain Attacks 2021: A Complete Timeline]]> https://safeguard.sh/resources/blog/software-supply-chain-attacks-2021-timeline https://safeguard.sh/resources/blog/software-supply-chain-attacks-2021-timeline Tue, 28 Dec 2021 09:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Nayan Dey) <![CDATA[Container Image Vulnerabilities: 2021 Year in Review]]> https://safeguard.sh/resources/blog/container-image-vulnerabilities-2021-year-in-review https://safeguard.sh/resources/blog/container-image-vulnerabilities-2021-year-in-review Wed, 22 Dec 2021 09:00:00 GMT Container Security hi@safeguard.sh (Bob) <![CDATA[CISA Known Exploited Vulnerabilities Catalog Launched]]> https://safeguard.sh/resources/blog/cisa-known-exploited-vulnerabilities-catalog-launched https://safeguard.sh/resources/blog/cisa-known-exploited-vulnerabilities-catalog-launched Mon, 20 Dec 2021 09:00:00 GMT Compliance & Regulations hi@safeguard.sh (Shadab Khan) <![CDATA[Detecting Log4Shell in Your Software Supply Chain]]> https://safeguard.sh/resources/blog/detecting-log4shell-in-your-software-supply-chain https://safeguard.sh/resources/blog/detecting-log4shell-in-your-software-supply-chain Sat, 18 Dec 2021 09:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Alex) <![CDATA[Log4Shell Impact Assessment and Remediation Guide]]> https://safeguard.sh/resources/blog/log4shell-impact-assessment-and-remediation-guide https://safeguard.sh/resources/blog/log4shell-impact-assessment-and-remediation-guide Wed, 15 Dec 2021 08:00:00 GMT Incident Response hi@safeguard.sh (Yukti Singhal) <![CDATA[Kronos Ransomware Attack: When Payroll Systems Go Dark Before the Holidays]]> https://safeguard.sh/resources/blog/kronos-ransomware-attack-payroll https://safeguard.sh/resources/blog/kronos-ransomware-attack-payroll Tue, 14 Dec 2021 10:00:00 GMT Ransomware hi@safeguard.sh (Bob) <![CDATA[Log4Shell Vulnerability (CVE-2021-44228) Explained]]> https://safeguard.sh/resources/blog/log4shell-vulnerability-cve-2021-44228-explained https://safeguard.sh/resources/blog/log4shell-vulnerability-cve-2021-44228-explained Mon, 13 Dec 2021 08:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Michael) <![CDATA[Grafana CVE-2021-43798: Directory Traversal in Everyone's Favorite Dashboard Tool]]> https://safeguard.sh/resources/blog/grafana-cve-2021-43798-directory-traversal https://safeguard.sh/resources/blog/grafana-cve-2021-43798-directory-traversal Sun, 05 Dec 2021 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Michael) <![CDATA[gRPC Security Considerations for Microservice Architectures]]> https://safeguard.sh/resources/blog/grpc-security-considerations https://safeguard.sh/resources/blog/grpc-security-considerations Sun, 05 Dec 2021 10:00:00 GMT Application Security hi@safeguard.sh (James) <![CDATA[Vendor Concentration Risk: When Your Entire Stack Depends on One Company]]> https://safeguard.sh/resources/blog/vendor-concentration-risk-software-supply-chain https://safeguard.sh/resources/blog/vendor-concentration-risk-software-supply-chain Sun, 05 Dec 2021 10:00:00 GMT Risk Management hi@safeguard.sh (James) <![CDATA[Zero-Day Vulnerabilities in Open Source: 2021 in Review]]> https://safeguard.sh/resources/blog/zero-day-vulnerabilities-in-open-source-2021 https://safeguard.sh/resources/blog/zero-day-vulnerabilities-in-open-source-2021 Sun, 28 Nov 2021 09:00:00 GMT Vulnerability Research hi@safeguard.sh (James) <![CDATA[BGP Hijacking and Software Distribution Security]]> https://safeguard.sh/resources/blog/bgp-hijacking-software-distribution https://safeguard.sh/resources/blog/bgp-hijacking-software-distribution Sun, 28 Nov 2021 00:00:00 GMT Network Security hi@safeguard.sh (Nayan Dey) <![CDATA[Panasonic Data Breach: Four Months of Undetected Network Access]]> https://safeguard.sh/resources/blog/panasonic-data-breach-november-2021 https://safeguard.sh/resources/blog/panasonic-data-breach-november-2021 Fri, 26 Nov 2021 10:00:00 GMT Data Breach hi@safeguard.sh (James) <![CDATA[Zoho ManageEngine CVE-2021-44077: When IT Management Tools Get Owned]]> https://safeguard.sh/resources/blog/zoho-managengine-cve-2021-44077-exploitation https://safeguard.sh/resources/blog/zoho-managengine-cve-2021-44077-exploitation Sat, 20 Nov 2021 10:00:00 GMT Zero-Day Exploits hi@safeguard.sh (Yukti Singhal) <![CDATA[Software Composition Analysis: The 2021 Buyer's Guide]]> https://safeguard.sh/resources/blog/software-composition-analysis-sca-buyers-guide https://safeguard.sh/resources/blog/software-composition-analysis-sca-buyers-guide Sat, 20 Nov 2021 09:00:00 GMT Tools & Techniques hi@safeguard.sh (Shadab Khan) <![CDATA[XcodeGhost Revisited: How a Trojanized IDE Infected Thousands of iOS Apps]]> https://safeguard.sh/resources/blog/apple-macos-supply-chain-xcode-ghost https://safeguard.sh/resources/blog/apple-macos-supply-chain-xcode-ghost Mon, 15 Nov 2021 10:00:00 GMT Supply Chain Security hi@safeguard.sh (James) <![CDATA[Robinhood Data Breach: Social Engineering Strikes the Trading Platform]]> https://safeguard.sh/resources/blog/robinhood-data-breach-2021 https://safeguard.sh/resources/blog/robinhood-data-breach-2021 Wed, 10 Nov 2021 10:00:00 GMT Data Breach hi@safeguard.sh (Shadab Khan) <![CDATA[NTIA SBOM Minimum Elements: What Your SBOM Actually Needs to Contain]]> https://safeguard.sh/resources/blog/ntia-sbom-minimum-elements-guide https://safeguard.sh/resources/blog/ntia-sbom-minimum-elements-guide Wed, 10 Nov 2021 09:00:00 GMT Compliance & Regulations hi@safeguard.sh (Nayan Dey) <![CDATA[Vulnerability Prioritization: Beyond CVSS Scores]]> https://safeguard.sh/resources/blog/vulnerability-prioritization-beyond-cvss-scores https://safeguard.sh/resources/blog/vulnerability-prioritization-beyond-cvss-scores Mon, 01 Nov 2021 09:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Cream Finance DeFi Hack: $130 Million Stolen Through Flash Loan Exploit]]> https://safeguard.sh/resources/blog/cream-finance-defi-hack-130-million https://safeguard.sh/resources/blog/cream-finance-defi-hack-130-million Thu, 28 Oct 2021 10:00:00 GMT DeFi Security hi@safeguard.sh (Nayan Dey) <![CDATA[The ua-parser-js npm Hijack of October 2021]]> https://safeguard.sh/resources/blog/ua-parser-js-npm-hijack-october-2021 https://safeguard.sh/resources/blog/ua-parser-js-npm-hijack-october-2021 Mon, 25 Oct 2021 12:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Sigstore and Cosign: Software Signing for the Rest of Us]]> https://safeguard.sh/resources/blog/sigstore-cosign-software-signing-explained https://safeguard.sh/resources/blog/sigstore-cosign-software-signing-explained Mon, 25 Oct 2021 09:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[REvil Ransomware Shutdown: How Law Enforcement Took Down a Ransomware Empire]]> https://safeguard.sh/resources/blog/revil-ransomware-shutdown-law-enforcement https://safeguard.sh/resources/blog/revil-ransomware-shutdown-law-enforcement Fri, 22 Oct 2021 10:00:00 GMT Ransomware hi@safeguard.sh (Yukti Singhal) <![CDATA[Python PyPI Malware Campaigns in 2021]]> https://safeguard.sh/resources/blog/python-pypi-malware-campaigns-2021 https://safeguard.sh/resources/blog/python-pypi-malware-campaigns-2021 Fri, 15 Oct 2021 10:00:00 GMT Open Source Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Apache HTTP Server CVE-2021-41773: A Path Traversal Bug That Should Have Been Caught in Code Review]]> https://safeguard.sh/resources/blog/apache-http-server-cve-2021-41773-path-traversal https://safeguard.sh/resources/blog/apache-http-server-cve-2021-41773-path-traversal Tue, 12 Oct 2021 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Alex) <![CDATA[Twitch Source Code Leak: What 125GB of Exposed Data Tells Us About Internal Security]]> https://safeguard.sh/resources/blog/twitch-source-code-leak-october-2021 https://safeguard.sh/resources/blog/twitch-source-code-leak-october-2021 Fri, 08 Oct 2021 14:00:00 GMT Incident Analysis hi@safeguard.sh (Yukti Singhal) <![CDATA[Docker Hub Malicious Images and Cryptomining Campaigns]]> https://safeguard.sh/resources/blog/docker-hub-malicious-images-cryptomining https://safeguard.sh/resources/blog/docker-hub-malicious-images-cryptomining Tue, 05 Oct 2021 09:00:00 GMT Container Security hi@safeguard.sh (Michael) <![CDATA[Binary Analysis for Supply Chain Verification]]> https://safeguard.sh/resources/blog/binary-analysis-supply-chain-verification https://safeguard.sh/resources/blog/binary-analysis-supply-chain-verification Tue, 05 Oct 2021 00:00:00 GMT Application Security hi@safeguard.sh (James) <![CDATA[GitHub Actions Security: Hidden Supply Chain Risks]]> https://safeguard.sh/resources/blog/github-actions-security-supply-chain-risks https://safeguard.sh/resources/blog/github-actions-security-supply-chain-risks Sat, 25 Sep 2021 10:00:00 GMT DevSecOps hi@safeguard.sh (Bob) <![CDATA[Apple's iCloud CSAM Scanning Controversy: Privacy vs. Security at Scale]]> https://safeguard.sh/resources/blog/apple-icloud-csam-privacy-security https://safeguard.sh/resources/blog/apple-icloud-csam-privacy-security Wed, 22 Sep 2021 10:00:00 GMT Privacy & Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Travis CI Token Leak Retrospective]]> https://safeguard.sh/resources/blog/travis-ci-token-leak-retrospective-2021 https://safeguard.sh/resources/blog/travis-ci-token-leak-retrospective-2021 Mon, 20 Sep 2021 12:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[npm colors and faker Sabotage: When Maintainers Revolt]]> https://safeguard.sh/resources/blog/npm-colors-faker-sabotage-open-source-trust https://safeguard.sh/resources/blog/npm-colors-faker-sabotage-open-source-trust Wed, 15 Sep 2021 10:00:00 GMT Open Source Security hi@safeguard.sh (James) <![CDATA[Business Impact Analysis for Software Dependency Failures]]> https://safeguard.sh/resources/blog/business-impact-analysis-dependency-failures https://safeguard.sh/resources/blog/business-impact-analysis-dependency-failures Fri, 10 Sep 2021 10:00:00 GMT Risk Management hi@safeguard.sh (Shadab Khan) <![CDATA[GraphQL API Security Best Practices]]> https://safeguard.sh/resources/blog/graphql-api-security-best-practices https://safeguard.sh/resources/blog/graphql-api-security-best-practices Fri, 10 Sep 2021 10:00:00 GMT API Security hi@safeguard.sh (Shadab Khan) <![CDATA[ChaosDB: The Microsoft Azure Cosmos DB Vulnerability That Exposed Thousands of Databases]]> https://safeguard.sh/resources/blog/microsoft-cosmosdb-chaosdb-vulnerability https://safeguard.sh/resources/blog/microsoft-cosmosdb-chaosdb-vulnerability Fri, 10 Sep 2021 10:00:00 GMT Cloud Security hi@safeguard.sh (Michael) <![CDATA[Third-Party Risk Management for Software Vendors: Beyond the Questionnaire]]> https://safeguard.sh/resources/blog/third-party-risk-management-software-vendors https://safeguard.sh/resources/blog/third-party-risk-management-software-vendors Wed, 08 Sep 2021 09:00:00 GMT Risk Management hi@safeguard.sh (Alex) <![CDATA[Pegasus Spyware and NSO Group: The Supply Chain of Surveillance]]> https://safeguard.sh/resources/blog/pegasus-spyware-nso-group-supply-chain https://safeguard.sh/resources/blog/pegasus-spyware-nso-group-supply-chain Sun, 05 Sep 2021 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Bob) <![CDATA[SLSA Framework Introduction: Securing Supply Chain Integrity]]> https://safeguard.sh/resources/blog/slsa-framework-introduction-supply-chain-integrity https://safeguard.sh/resources/blog/slsa-framework-introduction-supply-chain-integrity Wed, 01 Sep 2021 09:00:00 GMT DevSecOps hi@safeguard.sh (Alex) <![CDATA[DevSecOps Maturity Model: Where Does Your Organization Stand?]]> https://safeguard.sh/resources/blog/devsecops-maturity-model-where-do-you-stand https://safeguard.sh/resources/blog/devsecops-maturity-model-where-do-you-stand Sat, 28 Aug 2021 09:00:00 GMT DevSecOps hi@safeguard.sh (Bob) <![CDATA[Regular Expression Denial of Service (ReDoS): When Patterns Attack]]> https://safeguard.sh/resources/blog/redos-regular-expression-denial-of-service https://safeguard.sh/resources/blog/redos-regular-expression-denial-of-service Fri, 20 Aug 2021 10:00:00 GMT Application Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Securing CI/CD Pipelines from Supply Chain Attacks]]> https://safeguard.sh/resources/blog/securing-ci-cd-pipelines-from-supply-chain-attacks https://safeguard.sh/resources/blog/securing-ci-cd-pipelines-from-supply-chain-attacks Fri, 20 Aug 2021 09:00:00 GMT DevSecOps hi@safeguard.sh (Bob) <![CDATA[Accenture LockBit Ransomware Attack: When a Security Consultant Gets Hacked]]> https://safeguard.sh/resources/blog/accenture-lockbit-ransomware-attack https://safeguard.sh/resources/blog/accenture-lockbit-ransomware-attack Wed, 18 Aug 2021 10:00:00 GMT Ransomware hi@safeguard.sh (Alex) <![CDATA[ProxyShell: The Microsoft Exchange Exploit Chain That Wouldn't Stop]]> https://safeguard.sh/resources/blog/proxyshell-microsoft-exchange-exploitation https://safeguard.sh/resources/blog/proxyshell-microsoft-exchange-exploitation Thu, 12 Aug 2021 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (James) <![CDATA[Typosquatting Attacks on npm and PyPI Explained]]> https://safeguard.sh/resources/blog/typosquatting-attacks-npm-pypi-explained https://safeguard.sh/resources/blog/typosquatting-attacks-npm-pypi-explained Tue, 10 Aug 2021 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (James) <![CDATA[DNS Hijacking and Its Supply Chain Implications]]> https://safeguard.sh/resources/blog/dns-hijacking-supply-chain-implications https://safeguard.sh/resources/blog/dns-hijacking-supply-chain-implications Thu, 05 Aug 2021 00:00:00 GMT Network Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Open Source Security: State of the Union 2021]]> https://safeguard.sh/resources/blog/open-source-security-state-of-the-union-2021 https://safeguard.sh/resources/blog/open-source-security-state-of-the-union-2021 Sun, 01 Aug 2021 09:00:00 GMT Open Source Security hi@safeguard.sh (Shadab Khan) <![CDATA[Why Software Bill of Materials Matter]]> https://safeguard.sh/resources/blog/why-software-bill-of-materials-matter https://safeguard.sh/resources/blog/why-software-bill-of-materials-matter Sun, 25 Jul 2021 09:00:00 GMT DevSecOps hi@safeguard.sh (Nayan Dey) <![CDATA[LinkedIn Data Scraping: 700 Million User Records Sold on the Dark Web]]> https://safeguard.sh/resources/blog/linkedin-data-scraping-700-million https://safeguard.sh/resources/blog/linkedin-data-scraping-700-million Tue, 20 Jul 2021 10:00:00 GMT Data Breach hi@safeguard.sh (Bob) <![CDATA[npm Package ua-parser-js Compromised: 8 Million Weekly Downloads Weaponized]]> https://safeguard.sh/resources/blog/npm-package-ua-parser-js-compromised https://safeguard.sh/resources/blog/npm-package-ua-parser-js-compromised Thu, 15 Jul 2021 10:00:00 GMT Open Source Security hi@safeguard.sh (Yukti Singhal) <![CDATA[Kaseya VSA Ransomware: A Supply Chain Analysis]]> https://safeguard.sh/resources/blog/kaseya-vsa-ransomware-supply-chain-analysis https://safeguard.sh/resources/blog/kaseya-vsa-ransomware-supply-chain-analysis Thu, 08 Jul 2021 12:00:00 GMT Incident Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[PrintNightmare CVE-2021-34527: The Windows Print Spooler Bug That Haunted Every Enterprise]]> https://safeguard.sh/resources/blog/printnightmare-cve-2021-34527-windows https://safeguard.sh/resources/blog/printnightmare-cve-2021-34527-windows Thu, 08 Jul 2021 10:00:00 GMT Vulnerability Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Kaseya VSA Ransomware: Supply Chain Attack Hits 1,500 Businesses]]> https://safeguard.sh/resources/blog/kaseya-vsa-ransomware-supply-chain-attack https://safeguard.sh/resources/blog/kaseya-vsa-ransomware-supply-chain-attack Mon, 05 Jul 2021 08:00:00 GMT Incident Response hi@safeguard.sh (Michael) <![CDATA[Facebook Data Leak: 533 Million Users Exposed Through a Contact Import Feature]]> https://safeguard.sh/resources/blog/facebook-data-leak-533-million https://safeguard.sh/resources/blog/facebook-data-leak-533-million Fri, 02 Jul 2021 10:00:00 GMT Data Breach hi@safeguard.sh (James) <![CDATA[MessagePack Security Implications: Binary Serialization Risks]]> https://safeguard.sh/resources/blog/messagepack-security-implications https://safeguard.sh/resources/blog/messagepack-security-implications Fri, 25 Jun 2021 10:00:00 GMT Application Security hi@safeguard.sh (Michael) <![CDATA[Disaster Recovery Planning for Software Supply Chain Incidents]]> https://safeguard.sh/resources/blog/disaster-recovery-software-supply-chain-incidents https://safeguard.sh/resources/blog/disaster-recovery-software-supply-chain-incidents Tue, 22 Jun 2021 10:00:00 GMT Risk Management hi@safeguard.sh (Nayan Dey) <![CDATA[Microsoft Exchange HAFNIUM Attack: Four Zero-Days That Compromised 30,000 Organizations]]> https://safeguard.sh/resources/blog/microsoft-exchange-hafnium-attack https://safeguard.sh/resources/blog/microsoft-exchange-hafnium-attack Sun, 20 Jun 2021 10:00:00 GMT Zero-Day Exploits hi@safeguard.sh (Shadab Khan) <![CDATA[NIST SSDF Framework: A Practical Guide]]> https://safeguard.sh/resources/blog/nist-ssdf-framework-practical-guide https://safeguard.sh/resources/blog/nist-ssdf-framework-practical-guide Fri, 18 Jun 2021 09:00:00 GMT Compliance & Regulations hi@safeguard.sh (Alex) <![CDATA[Pulse Secure VPN Zero-Day CVE-2021-22893: When Your Security Gateway Becomes the Backdoor]]> https://safeguard.sh/resources/blog/pulse-secure-vpn-cve-2021-22893 https://safeguard.sh/resources/blog/pulse-secure-vpn-cve-2021-22893 Tue, 15 Jun 2021 10:00:00 GMT Zero-Day Exploits hi@safeguard.sh (Nayan Dey) <![CDATA[Dependency Confusion Attacks Explained]]> https://safeguard.sh/resources/blog/dependency-confusion-attacks-explained https://safeguard.sh/resources/blog/dependency-confusion-attacks-explained Thu, 10 Jun 2021 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Bob) <![CDATA[JBS Foods Ransomware Attack: When Hackers Targeted the World's Meat Supply]]> https://safeguard.sh/resources/blog/jbs-foods-ransomware-supply-chain https://safeguard.sh/resources/blog/jbs-foods-ransomware-supply-chain Sat, 05 Jun 2021 10:00:00 GMT Ransomware hi@safeguard.sh (Nayan Dey) <![CDATA[Understanding SBOM Requirements Under EO 14028]]> https://safeguard.sh/resources/blog/understanding-sbom-requirements-under-eo-14028 https://safeguard.sh/resources/blog/understanding-sbom-requirements-under-eo-14028 Tue, 01 Jun 2021 09:00:00 GMT Compliance & Regulations hi@safeguard.sh (James) <![CDATA[Accellion FTA Breach: How a Legacy File Transfer Tool Became a Supply Chain Nightmare]]> https://safeguard.sh/resources/blog/accellion-fta-breach-supply-chain https://safeguard.sh/resources/blog/accellion-fta-breach-supply-chain Tue, 25 May 2021 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Yukti Singhal) <![CDATA[Codecov Bash Uploader Compromise: A Supply Chain Attack on CI/CD]]> https://safeguard.sh/resources/blog/codecov-bash-uploader-compromise https://safeguard.sh/resources/blog/codecov-bash-uploader-compromise Thu, 20 May 2021 11:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Shadab Khan) <![CDATA[SolarWinds SUNBURST: Lessons for Supply Chain Security]]> https://safeguard.sh/resources/blog/solarwinds-sunburst-lessons-for-supply-chain-security https://safeguard.sh/resources/blog/solarwinds-sunburst-lessons-for-supply-chain-security Sat, 15 May 2021 10:00:00 GMT Supply Chain Attacks hi@safeguard.sh (Nayan Dey) <![CDATA[Executive Order 14028: What It Means for Software Supply Chain Security]]> https://safeguard.sh/resources/blog/executive-order-14028-software-supply-chain-security https://safeguard.sh/resources/blog/executive-order-14028-software-supply-chain-security Wed, 12 May 2021 09:00:00 GMT Compliance & Regulations hi@safeguard.sh (Yukti Singhal) <![CDATA[Colonial Pipeline Ransomware Attack: How a Single Password Shut Down America's Fuel Supply]]> https://safeguard.sh/resources/blog/colonial-pipeline-ransomware-attack-2021 https://safeguard.sh/resources/blog/colonial-pipeline-ransomware-attack-2021 Sat, 08 May 2021 10:00:00 GMT Ransomware hi@safeguard.sh (Yukti Singhal) <![CDATA[Codecov Bash Uploader Compromise: A Retrospective]]> https://safeguard.sh/resources/blog/codecov-bash-uploader-compromise-retrospective https://safeguard.sh/resources/blog/codecov-bash-uploader-compromise-retrospective Thu, 15 Apr 2021 12:00:00 GMT Incident Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Software Escrow Agreements: The Security Layer Most Companies Forget]]> https://safeguard.sh/resources/blog/software-escrow-agreements-security-guide https://safeguard.sh/resources/blog/software-escrow-agreements-security-guide Mon, 15 Mar 2021 10:00:00 GMT Risk Management hi@safeguard.sh (Yukti Singhal) <![CDATA[Rust Foundation Formation: Security Implications]]> https://safeguard.sh/resources/blog/rust-foundation-formation-security-implications https://safeguard.sh/resources/blog/rust-foundation-formation-security-implications Wed, 10 Feb 2021 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[SunBurst: A Supply Chain Attack Evolution Study]]> https://safeguard.sh/resources/blog/sunburst-supply-chain-attack-evolution-2020 https://safeguard.sh/resources/blog/sunburst-supply-chain-attack-evolution-2020 Fri, 18 Dec 2020 12:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Shellshock, Five Years On: The Lessons That Stuck]]> https://safeguard.sh/resources/blog/shellshock-bash-vulnerability-lessons https://safeguard.sh/resources/blog/shellshock-bash-vulnerability-lessons Tue, 24 Sep 2019 12:00:00 GMT Incident Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[Heartbleed at Five Years: A Practitioner Retrospective]]> https://safeguard.sh/resources/blog/heartbleed-openssl-five-year-retrospective https://safeguard.sh/resources/blog/heartbleed-openssl-five-year-retrospective Sun, 07 Apr 2019 12:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[ASUS Live Update and ShadowHammer: The Backdoor]]> https://safeguard.sh/resources/blog/asus-live-update-backdoor-shadowhammer https://safeguard.sh/resources/blog/asus-live-update-backdoor-shadowhammer Thu, 28 Mar 2019 12:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[XcodeGhost: When the Compiler Was the Attacker]]> https://safeguard.sh/resources/blog/xcodeghost-ios-compiler-supply-chain-2015 https://safeguard.sh/resources/blog/xcodeghost-ios-compiler-supply-chain-2015 Mon, 18 Feb 2019 12:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[event-stream: The Copay Attack That Rewrote npm]]> https://safeguard.sh/resources/blog/event-stream-npm-malicious-publish-2018 https://safeguard.sh/resources/blog/event-stream-npm-malicious-publish-2018 Tue, 27 Nov 2018 12:00:00 GMT Open Source Security hi@safeguard.sh (Nayan Dey) <![CDATA[CCleaner 2017: Anatomy of a Quiet Supply Chain Hit]]> https://safeguard.sh/resources/blog/ccleaner-supply-chain-attack-2017-analysis https://safeguard.sh/resources/blog/ccleaner-supply-chain-attack-2017-analysis Tue, 19 Sep 2017 12:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[Equifax: The Supply Chain Angle Few Talked About]]> https://safeguard.sh/resources/blog/equifax-data-breach-supply-chain-angle https://safeguard.sh/resources/blog/equifax-data-breach-supply-chain-angle Fri, 15 Sep 2017 12:00:00 GMT Incident Analysis hi@safeguard.sh (Shadab Khan) <![CDATA[M.E.Doc and NotPetya: The Origin Story]]> https://safeguard.sh/resources/blog/ukrainian-m-e-doc-notpetya-origin-story https://safeguard.sh/resources/blog/ukrainian-m-e-doc-notpetya-origin-story Mon, 04 Sep 2017 12:00:00 GMT Incident Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[NotPetya's Origin: A Supply Chain Story From Ukraine]]> https://safeguard.sh/resources/blog/notpetya-ukraine-supply-chain-origin https://safeguard.sh/resources/blog/notpetya-ukraine-supply-chain-origin Wed, 05 Jul 2017 12:00:00 GMT Incident Analysis hi@safeguard.sh (Nayan Dey) <![CDATA[WannaCry's Supply Chain Dimensions]]> https://safeguard.sh/resources/blog/wannacry-ransomware-supply-chain-dimensions https://safeguard.sh/resources/blog/wannacry-ransomware-supply-chain-dimensions Sat, 20 May 2017 12:00:00 GMT Incident Analysis hi@safeguard.sh (Nayan Dey)