Industry Analysis
In-depth guides and analysis on industry analysis from the Safeguard engineering team.
294 articles
NIST NVD Slowdown: What the Vulnerability Enrichment Backlog Means for Security Teams
NIST's National Vulnerability Database nearly stopped enriching CVEs in early 2024, creating a growing backlog that left security teams without the severity scores and metadata they depend on.
Lazarus Group Software Supply Chain Campaigns
A field analyst's look at how North Korea's Lazarus Group has turned software supply chains into a strategic weapon, from 3CX to npm.
SBOMs in the Automotive Industry: Navigating Software-Defined Vehicles
Modern vehicles contain over 100 million lines of code. The automotive industry is waking up to software supply chain security, and SBOMs are central to the response.
RSA Conference 2023 Supply Chain Track: Field Notes
Five takeaways from the supply chain sessions at RSA Conference 2023, from SBOM adoption skepticism to attestation tooling and federal procurement pressure.
The Economics of Vulnerability Bounties: Who Wins and Who Loses
Bug bounty programs are a billion-dollar market. But the economics do not work equally well for everyone. A look at who benefits, who gets shortchanged, and what the numbers actually say.
SolarWinds Lessons Two Years On: What Actually Changed
Two years after the SolarWinds SUNBURST compromise, the industry has new frameworks and new vocabulary — but has the build pipeline actually gotten harder to attack?