Software Supply Chain Security
In-depth guides and analysis on software supply chain security from the Safeguard engineering team.
175 articles
Securing avionics software supply chains under DO-178C
DO-178C verifies that avionics code behaves correctly — but says almost nothing about where its components came from. Here's the supply chain gap and how to close it.
Counterfeit and untrusted component risk in defense softw...
Counterfeit component risk defense software teams face across hardware and code, from gray-market parts to unverified builds, and how illumination catches it.
Software supply chain security for telecom network infras...
Why telecom network software supply chain security demands continuous SBOMs and vendor risk oversight — from 5G base stations to core networks — and how carriers are closing the gap.
5G network function virtualization (NFV) and Open RAN sof...
5G networks now run on open-source-heavy virtualized and Open RAN software stacks. Here's where the real supply chain risk hides, and how to manage it.
Software supply chain security for e-commerce platforms
Real breaches show how plugins, vendor scripts, and headless stacks put online stores at risk — and how to detect supply chain attacks before customers do.
Securing the retail point-of-sale (POS) software supply c...
BlackPOS hit 40M Target cards in 2013. See how retail POS software supply chain security stops firmware tampering, malware, and vendor risk today.
Third-party risk management for retail supply chain and l...
A practical, step-by-step framework for assessing and monitoring retail logistics software vendor risk, from SaaS onboarding to inventory system offboarding.
Software supply chain security for critical energy infras...
From Ukraine's 2015 blackout to Volt Typhoon's grid intrusions, attackers exploit trusted vendor software. Here's what utilities need to know about supply chain risk.
Securing smart grid and advanced metering infrastructure ...
How AMI firmware, smart meters, and grid modernization projects create software supply chain risk for utilities — and what closing that gap actually requires.
Best software supply chain security platforms
A practical buyer's guide comparing top software supply chain security platforms—SBOM, dependency scanning, and CI/CD attestation—so you can pick the right fit.
Malicious VS Code extensions report
150+ malicious VS Code extensions have been pulled from marketplaces since 2024. Here's how the attacks work — and how to defend against them.
Terraform Registry module vulnerability trends
Registry-wide analysis shows a rising share of Terraform modules carry stale provider pins and insecure defaults — here's what's driving it and how to respond.