Safeguard
Topic

Best Practices

In-depth guides and analysis on best practices from the Safeguard engineering team.

252 articles

Best Practices

Code Signing Infrastructure Breach Response

A compromised signing key is the quietest crisis in security. A concrete playbook for responding when your code signing infrastructure is implicated.

Nov 10, 20246 min read
Best Practices

AWS IAM Roles Anywhere and the Supply Chain

IAM Roles Anywhere lets workloads outside AWS assume IAM roles using X.509 certificates. It is also becoming the authentication layer for supply chain tools. Here is what the threat model looks like.

Nov 5, 20248 min read
Best Practices

Forking Strategy for Enterprise OSS

Forking was once a last resort. In 2024 it became a standard response to license changes, governance failures, and stalled projects. A good forking strategy is now an enterprise competency.

Nov 2, 20246 min read
Best Practices

Scoping a Vulnerability Bounty Program for Supply Chain

How to scope a bug bounty program that addresses supply chain risks: in-scope assets, payout tiers, triage workflow, and avoiding the trap of dependency CVE bounties.

Oct 30, 20246 min read
Best Practices

EHR System Dependency Governance

Electronic Health Record platforms carry decades of transitive dependencies. A practical governance model for hospitals, vendors, and compliance officers.

Oct 28, 20246 min read
Best Practices

On-Prem to Cloud Supply Chain Continuity

A year inside a financial services cloud migration, and how to keep your software supply chain intact when everything else about the environment changes.

Oct 22, 20247 min read
Best Practices

React Native Supply Chain Risks in 2024

React Native bundles native modules, JavaScript dependencies, and CodePush-style OTA updates into one app. The supply chain is vast and the remediation path is slower than web apps. Here is where it actually goes wrong.

Oct 22, 20247 min read
Best Practices

AWS SSM Parameter Store Security

Parameter Store is everywhere in AWS workloads, which means it accumulates secrets, configuration, and bad IAM over time. Here is the security review I run on every Parameter Store deployment.

Oct 18, 20247 min read
Best Practices

Package Registry Forensic Log Analysis

Extracting investigative signal from package registry logs — publish events, download patterns, and account activity — during a supply chain incident.

Oct 18, 20246 min read
Best Practices

Azure App Service Deployment Security

App Service deployments are easy, which is the problem. A look at the deployment paths, credential surfaces, and hardening steps that matter for production workloads.

Oct 10, 20248 min read
Best Practices

GCP Pub/Sub Security Configuration

A working security configuration for GCP Pub/Sub: topic and subscription IAM, message encryption, VPC Service Controls, dead-letter handling, and the failure modes that turn a messaging layer into an attack surface.

Oct 2, 20247 min read
Best Practices

Doppler Enterprise Secrets Platform Reviewed

Doppler pitches itself as the secrets platform that gets out of developers' way. A detailed look at what works, what does not, and the trade-offs against Vault, Infisical, and the cloud-native options.

Sep 22, 20247 min read
Best Practices (Page 16) — Supply Chain Security Blog | Safeguard