Best Practices
In-depth guides and analysis on best practices from the Safeguard engineering team.
252 articles
Vault Supply Chain Integration Patterns
HashiCorp Vault is a Swiss Army knife for secrets, but most teams use it as a glorified key-value store. A walkthrough of the integration patterns that make Vault actually useful in a CI/CD supply chain.
Azure Functions Supply Chain Security
Azure Functions hide a surprising amount of supply chain risk — Oryx builds, run-from-package, extension bundles, and the way deployment slots interact with identity.
.NET 8 Supply Chain Improvements
.NET 8 quietly shipped several supply chain improvements worth knowing — NuGet audit, signed packages, SBOM tooling, and better source-link coverage.
Security Awareness Training That Developers Don't Hate
Traditional security training is boring and ineffective. Here is how to build a training program developers actually engage with and learn from.
Azure Managed Identities and the Supply Chain
Managed identities are the credential primitive that fixes most supply chain risk in Azure — but only if you use them the way the service actually intends.
Remix Framework Security Deep Dive
Remix's server-first architecture and loader/action primitives make for a distinctive security model. The framework encourages good patterns, but the places where it leaves choices to the developer are where I find the interesting bugs.
The Annual Vendor Security Review Cadence
A complete timeline and workflow for running the annual vendor security review cycle, staffed sustainably, with clear deliverables and audit-ready evidence.
Secure Boot UEFI and Software Supply Chain Links
How UEFI Secure Boot, shim, and Microsoft third-party UEFI CA connect to software supply chain risk in OS and firmware update pipelines.
Managing Security Debt: A Practical Guide
Security debt is inevitable, but it does not have to be unmanageable. Learn how to quantify, prioritize, and systematically pay down your organization's security debt.
Express.js Security Middleware: An Audit
Express remains the default Node.js framework at most shops, and its middleware ecosystem is a thirteen-year accumulation of packages, some abandoned, some indispensable. This is a pragmatic audit of what belongs in a 2023 Express stack.
Designing a Vulnerability Triage Workflow That Works
Most vulnerability triage processes are broken. Here is how to design a workflow that reduces noise, routes issues to the right owners, and actually gets things fixed.
Electron App Supply Chain Security Posture
Electron apps ship Chromium, Node.js, and your entire npm tree to a user's desktop, running with the privileges of the logged-in user. The supply chain implications are severe enough that they deserve their own category of threat model.