Safeguard
Topic

Industry Analysis

In-depth guides and analysis on industry analysis from the Safeguard engineering team.

294 articles

Industry Analysis

NIST NVD Slowdown: What the Vulnerability Enrichment Backlog Means for Security Teams

NIST's National Vulnerability Database nearly stopped enriching CVEs in early 2024, creating a growing backlog that left security teams without the severity scores and metadata they depend on.

Mar 15, 20246 min read
Industry Analysis

Lazarus Group Software Supply Chain Campaigns

A field analyst's look at how North Korea's Lazarus Group has turned software supply chains into a strategic weapon, from 3CX to npm.

Feb 28, 20246 min read
Industry Analysis

SBOMs in the Automotive Industry: Navigating Software-Defined Vehicles

Modern vehicles contain over 100 million lines of code. The automotive industry is waking up to software supply chain security, and SBOMs are central to the response.

Nov 5, 20236 min read
Industry Analysis

RSA Conference 2023 Supply Chain Track: Field Notes

Five takeaways from the supply chain sessions at RSA Conference 2023, from SBOM adoption skepticism to attestation tooling and federal procurement pressure.

Oct 18, 20235 min read
Industry Analysis

The Economics of Vulnerability Bounties: Who Wins and Who Loses

Bug bounty programs are a billion-dollar market. But the economics do not work equally well for everyone. A look at who benefits, who gets shortchanged, and what the numbers actually say.

Jul 15, 20236 min read
Industry Analysis

SolarWinds Lessons Two Years On: What Actually Changed

Two years after the SolarWinds SUNBURST compromise, the industry has new frameworks and new vocabulary — but has the build pipeline actually gotten harder to attack?

Feb 18, 20226 min read
Industry Analysis (Page 25) — Supply Chain Security Blog | Safeguard