Safeguard
Tag

incident-response

Safeguard articles tagged "incident-response" — guides, analysis, and best practices for software supply chain and application security.

95 articles

Organizational Security

Security Incident Communication Guide

How to communicate during and after a security incident without making things worse. Templates, timelines, and principles for crisis communication.

Aug 25, 20237 min read
DevSecOps

Game Day Exercises for Supply Chain Incidents: Practicing Before the Real Thing

Game day exercises simulate supply chain attacks and failures, testing your team's response procedures before a real incident hits. Here is how to plan and run effective supply chain game days.

Aug 5, 20235 min read
Software Supply Chain Security

Post-Breach Supply Chain Hardening: Lessons from Real Incidents

After a supply chain breach, the remediation window is your best opportunity to implement controls that should have existed before the incident. This guide covers what to harden and in what order.

Apr 22, 20237 min read
Incident Response

GitHub Private RSA Key Exposed in Public Repository

GitHub's accidental exposure of its private RSA SSH host key in a public repository forced an emergency rotation affecting millions of developers.

Mar 10, 20236 min read
Incident Response

Incident Response Playbook for Supply Chain Attacks

Supply chain attacks break your standard IR playbook. The compromise originates outside your perimeter, affects trusted software, and the blast radius is unknown. Here's how to adapt.

Nov 28, 20229 min read
Software Supply Chain Security

Software Supply Chain Forensics: Investigation Techniques After a Compromise

When a supply chain compromise is confirmed or suspected, forensic investigation must trace the attack path through dependencies, build systems, and artifacts. This guide covers the methodology.

Nov 12, 20227 min read
Open Source Security

Vulnerability Coordination Across the Open Source Ecosystem

When a vulnerability affects a library used by thousands of projects, coordinating the fix is harder than writing the patch. The coordination problem is open source security's biggest operational challenge.

Nov 12, 20227 min read
Business Continuity

Business Continuity Planning for Supply Chain Attacks

When a critical dependency is compromised or disappears, can your business keep running? Most organizations haven't answered this question honestly.

Oct 18, 20226 min read
Incident Analysis

The Log4Shell Response Playbook Six Months In

Six months after CVE-2021-44228 broke the internet, here is what worked, what didn't, and the response patterns security teams should keep as muscle memory.

Jun 12, 20226 min read
Incident Response

Log4Shell Impact Assessment and Remediation Guide

You know Log4Shell is bad. Now here's how to find every instance in your environment and fix it — including the edge cases everyone misses.

Dec 15, 20215 min read
Risk Management

Disaster Recovery Planning for Software Supply Chain Incidents

When a supply chain attack hits, your DR plan needs to cover more than just infrastructure failover. Here is how to prepare for the worst.

Jun 22, 20217 min read
incident-response (Page 8) — Safeguard Blog