Safeguard
Topic

Best Practices

In-depth guides and analysis on best practices from the Safeguard engineering team.

252 articles

Best Practices

Vault Supply Chain Integration Patterns

HashiCorp Vault is a Swiss Army knife for secrets, but most teams use it as a glorified key-value store. A walkthrough of the integration patterns that make Vault actually useful in a CI/CD supply chain.

Mar 15, 20247 min read
Best Practices

Azure Functions Supply Chain Security

Azure Functions hide a surprising amount of supply chain risk — Oryx builds, run-from-package, extension bundles, and the way deployment slots interact with identity.

Mar 12, 20248 min read
Best Practices

.NET 8 Supply Chain Improvements

.NET 8 quietly shipped several supply chain improvements worth knowing — NuGet audit, signed packages, SBOM tooling, and better source-link coverage.

Mar 10, 20245 min read
Best Practices

Security Awareness Training That Developers Don't Hate

Traditional security training is boring and ineffective. Here is how to build a training program developers actually engage with and learn from.

Feb 20, 20247 min read
Best Practices

Azure Managed Identities and the Supply Chain

Managed identities are the credential primitive that fixes most supply chain risk in Azure — but only if you use them the way the service actually intends.

Feb 14, 20248 min read
Best Practices

Remix Framework Security Deep Dive

Remix's server-first architecture and loader/action primitives make for a distinctive security model. The framework encourages good patterns, but the places where it leaves choices to the developer are where I find the interesting bugs.

Feb 8, 20247 min read
Best Practices

The Annual Vendor Security Review Cadence

A complete timeline and workflow for running the annual vendor security review cycle, staffed sustainably, with clear deliverables and audit-ready evidence.

Feb 6, 20246 min read
Best Practices

Secure Boot UEFI and Software Supply Chain Links

How UEFI Secure Boot, shim, and Microsoft third-party UEFI CA connect to software supply chain risk in OS and firmware update pipelines.

Jan 30, 20245 min read
Best Practices

Managing Security Debt: A Practical Guide

Security debt is inevitable, but it does not have to be unmanageable. Learn how to quantify, prioritize, and systematically pay down your organization's security debt.

Dec 5, 20236 min read
Best Practices

Express.js Security Middleware: An Audit

Express remains the default Node.js framework at most shops, and its middleware ecosystem is a thirteen-year accumulation of packages, some abandoned, some indispensable. This is a pragmatic audit of what belongs in a 2023 Express stack.

Nov 15, 20236 min read
Best Practices

Designing a Vulnerability Triage Workflow That Works

Most vulnerability triage processes are broken. Here is how to design a workflow that reduces noise, routes issues to the right owners, and actually gets things fixed.

Sep 25, 20236 min read
Best Practices

Electron App Supply Chain Security Posture

Electron apps ship Chromium, Node.js, and your entire npm tree to a user's desktop, running with the privileges of the logged-in user. The supply chain implications are severe enough that they deserve their own category of threat model.

Sep 12, 20237 min read
Best Practices (Page 20) — Supply Chain Security Blog | Safeguard