Software Supply Chain Security
In-depth guides and analysis on software supply chain security from the Safeguard engineering team.
175 articles
AI BOM Spec Comparison: CycloneDX ML-BOM in 2026
AI bills of materials moved from proposal to procurement requirement. A practical comparison of CycloneDX ML-BOM, SPDX 3.0 AI profile, and what to ship in 2026.
Third-party library risk in Android apps: permissions, SD...
Every Android app runs dozens of third-party SDKs with full app permissions. Here's how android third-party library risk turns into real data leaks — and how Safeguard catches it first.
Detecting Model Supply Chain Poisoning in 2026
Poisoning attacks against the model supply chain have moved from research to incident reports. What detection looks like when the attack surface includes weights.
What is Software Supply Chain Risk Scoring
CVSS alone can't tell you what to fix first. Here's how supply chain risk scoring blends exploitability, reachability, and provenance into one actionable number.
What is a Malicious Commit / Compromised Maintainer Account
When an attacker steals a maintainer's credentials, every user of that package inherits the compromise. Here's how it happens and how to catch it.
Software supply chain security for core banking systems
How core banking system supply chain security failures happen, what they cost, and how SBOMs and vendor risk monitoring keep core banking platforms safe.
Securing the payment gateway software supply chain
A single compromised script or dependency can silently harvest card data at checkout. Here's what payment gateway supply chain security actually requires in 2026.
Software supply chain risk in cryptocurrency exchange and...
How compromised wallet SDKs, smart contract dependencies, and stale third-party audits are driving nine-figure crypto exchange breaches like Bybit and Ledger.
Software supply chain security for medical devices
How FDA premarket cybersecurity rules, medical device SBOMs, and firmware vulnerabilities like Ripple20 and SweynTooth are reshaping supply chain security for connected medical devices.
Securing electronic health record (EHR) software supply c...
How the Change Healthcare breach, weak EHR vendor risk management, and exposed HL7 FHIR APIs turned healthcare's software supply chain into its biggest security gap.
How to conduct a software supply chain risk assessment fo...
A step-by-step guide for insurance carriers to assess software supply chain risk in vendor portfolios, from SBOM collection to continuous monitoring.
Software supply chain security for connected and autonomo...
Modern cars run 100M+ lines of code across 150 ECUs from untracked suppliers. Here's why connected vehicle software supply chain security now demands real SBOMs, not compliance checkboxes.