Safeguard articles tagged "google" — guides, analysis, and best practices for software supply chain and application security.
9 articles
Griffin AI vs Gemini Function Calling: Security
Gemini's function calling is strong and flexible. Griffin AI's tool layer is narrow and opinionated. For security workflows, the opinionated approach wins.
Griffin AI vs Gemini Long Context for Codebases
Gemini's million-token context window is a genuinely new capability. For security analysis of large codebases, is it enough on its own?
Griffin AI vs Gemini Code Assist: Security
Gemini Code Assist makes developers faster. But faster is not safer. Here's how Griffin AI layers a security engine onto the same developer workflow.
Griffin AI vs Gemini Ultra for Security Reasoning
Gemini Ultra sets a high bar on complex reasoning benchmarks. But security reasoning is not benchmark reasoning. Here's how Griffin AI's engine-first approach changes the outcome.
Griffin AI vs Gemini Pro for Security Workflow
Gemini Pro brings capable reasoning and a massive context window to general-purpose workflows. Griffin AI brings a security engine with an LLM on top. The difference matters when the workflow is appsec.
Open Source Vulnerability Rewards: Can Bug Bounties Save Open Source?
Google expanded its OSS vulnerability rewards program in 2023, paying researchers to find bugs in critical open source projects. It's a promising model, but not a silver bullet.
Google Assured Open Source Software: Curated Security for Enterprise Dependencies
Google's Assured OSS service provides enterprise-grade security guarantees for open source packages. It's a compelling model, but it raises questions about who controls the open source supply chain.
How Google Secures Its Software Supply Chain
An inside look at Google's multi-layered approach to supply chain security, from Binary Authorization to SLSA, and what other organizations can adapt from their model.
SLSA Framework Introduction: Securing Supply Chain Integrity
Google's SLSA framework provides a graduated model for supply chain integrity, from basic provenance to fully verified builds. Here's how it works and why it matters.