Best Practices
In-depth guides and analysis on best practices from the Safeguard engineering team.
252 articles
Bounty Program Scoping for Dependencies
How to scope a bug bounty program when most of your attack surface lives in third-party dependencies — with guidance on payouts, triage, and upstream coordination.
Confidential Computing in Supply Chain Integration
How Intel TDX, AMD SEV-SNP, and AWS Nitro enclaves plug into build and signing pipelines, with attestation flows and operational tradeoffs.
Data Pipeline Platform Migration Security
Moving from one orchestration platform to another surfaces hidden trust relationships. A security-first migration plan for Airflow, Dagster, and Prefect transitions.
Post-Incident Vendor Coordination
When a vendor's incident affects you, the coordination work between their IR team and your ops becomes its own project. How to run it well.
Coordinated Disclosure Zero-Day Playbook
A playbook for coordinated disclosure of zero-day vulnerabilities, covering timelines, stakeholder management, embargo discipline, and the judgement calls in between.
Dev Machine Secrets: The Exfiltration Risks
Engineer laptops are the softest target in most organizations. Here is a senior engineer's look at the real exfiltration paths for developer secrets and how to shut them down.
Container Security Best Practices for 2025: Beyond Image Scanning
Container security has evolved far past vulnerability scanning. Here is what mature container security programs look like heading into 2025.
Crypto Exchange Supply Chain Hardening
Crypto exchanges are the highest-value software supply chain targets on the internet. A hardening playbook drawn from Lazarus, Ronin, and 3CX.
Zero Trust Principles Applied to the Software Supply Chain
Zero trust is not just a network architecture concept. Applied to the software supply chain, it fundamentally changes how organizations verify code, dependencies, and build processes.
Secrets Rotation Across Microservices: A Playbook
A practical senior engineer's playbook for rotating secrets across microservices without downtime, drift, or the quiet credential leaks that come from half-done cutovers.
Migrating VPN to Zero Trust: Supply Chain
A phased playbook for retiring corporate VPN concentrators in favor of zero trust network access, with specific guidance for protecting software supply chain pipelines.
Security Team Topology for a Supply Chain Program
How to structure a supply chain security program across AppSec, platform, TPRM, and incident response with clear ownership, cadences, and escalation paths.