industry-analysis
Safeguard articles tagged "industry-analysis" — guides, analysis, and best practices for software supply chain and application security.
86 articles
The State of Open Source Security: What a Year of Disclosure Data Shows
454,600+ new malicious packages hit open-source registries in 2025, and NVD still closed the year with a 27,000-CVE enrichment backlog.
How the security industry is scaling partnerships for AI risk
No vendor covers model security, agent runtime policy, supply-chain risk, and code-level AppSec alone — partner-sourced ARR at one major vendor grew over 6x from 2023 to 2025.
MSSP and partner program models in AppSec
Checkmarx built an MSSP and partner program around code scanning. Here's how that model works, where it misses software supply chain risk, and what to check before signing.
The hidden cost of surface-level code security
Legacy SAST/SCA scanning piles up findings without context, quietly building code security debt whose hidden cost shows up in engineering hours, audits, and breaches.
Application Security Strategy for 2026: AI, DevSecOps, an...
AppSec platform consolidation is reshaping 2026 strategy. See how it compares to Veracode's approach and where Safeguard fits in a unified DevSecOps stack.
InnerSource Practices for Enterprise Development
InnerSource speeds up enterprise code reuse, but it also turns every internal team into an unaudited package publisher. Here's where governance breaks and how to fix it.
Exploring vulnerabilities in GitHub Actions workflows
From the tj-actions/changed-files hijack to PyTorch's self-hosted runner breach, real incidents show how GitHub Actions workflows keep getting exploited.
Malicious postinstall scripts in npm packages
From eslint-scope in 2018 to the 2025 Shai-Hulud worm, npm postinstall scripts keep delivering malware before any scan or review runs. Here's how it works and what stops it.
Secrets detection: how it works and why it matters
How secrets detection tools catch leaked keys before attackers do, why breaches like Toyota's still happen, and how Safeguard compares to Aikido Security.
Cloud misconfiguration: causes and prevention
Cloud misconfiguration causes most cloud breaches, from Capital One to Toyota. Learn its root causes, real incidents, and how Safeguard prevents it.
Open source license management and scanning
33% of codebases ship components with no discernible license, and Aikido's manifest-based scanning still misses vendored code and stale registry metadata. Here's what real license compliance requires.
Open source security audits: what they cover
What an open source security audit actually covers versus routine SCA scanning, the frameworks that define it, real costs and timelines, and how Aikido Security's approach compares.