Safeguard
Tag

industry-analysis

Safeguard articles tagged "industry-analysis" — guides, analysis, and best practices for software supply chain and application security.

86 articles

Industry Analysis

The State of Open Source Security: What a Year of Disclosure Data Shows

454,600+ new malicious packages hit open-source registries in 2025, and NVD still closed the year with a 27,000-CVE enrichment backlog.

Jul 8, 20266 min read
Industry Analysis

How the security industry is scaling partnerships for AI risk

No vendor covers model security, agent runtime policy, supply-chain risk, and code-level AppSec alone — partner-sourced ARR at one major vendor grew over 6x from 2023 to 2025.

Jul 7, 20266 min read
Industry Analysis

MSSP and partner program models in AppSec

Checkmarx built an MSSP and partner program around code scanning. Here's how that model works, where it misses software supply chain risk, and what to check before signing.

Jun 23, 20267 min read
Industry Analysis

The hidden cost of surface-level code security

Legacy SAST/SCA scanning piles up findings without context, quietly building code security debt whose hidden cost shows up in engineering hours, audits, and breaches.

Jun 16, 20267 min read
Industry Analysis

Application Security Strategy for 2026: AI, DevSecOps, an...

AppSec platform consolidation is reshaping 2026 strategy. See how it compares to Veracode's approach and where Safeguard fits in a unified DevSecOps stack.

Jun 15, 20267 min read
Industry Analysis

InnerSource Practices for Enterprise Development

InnerSource speeds up enterprise code reuse, but it also turns every internal team into an unaudited package publisher. Here's where governance breaks and how to fix it.

Jun 4, 20267 min read
Industry Analysis

Exploring vulnerabilities in GitHub Actions workflows

From the tj-actions/changed-files hijack to PyTorch's self-hosted runner breach, real incidents show how GitHub Actions workflows keep getting exploited.

May 17, 20266 min read
Industry Analysis

Malicious postinstall scripts in npm packages

From eslint-scope in 2018 to the 2025 Shai-Hulud worm, npm postinstall scripts keep delivering malware before any scan or review runs. Here's how it works and what stops it.

May 10, 20267 min read
Industry Analysis

Secrets detection: how it works and why it matters

How secrets detection tools catch leaked keys before attackers do, why breaches like Toyota's still happen, and how Safeguard compares to Aikido Security.

May 1, 20268 min read
Industry Analysis

Cloud misconfiguration: causes and prevention

Cloud misconfiguration causes most cloud breaches, from Capital One to Toyota. Learn its root causes, real incidents, and how Safeguard prevents it.

Apr 30, 20267 min read
Industry Analysis

Open source license management and scanning

33% of codebases ship components with no discernible license, and Aikido's manifest-based scanning still misses vendored code and stale registry metadata. Here's what real license compliance requires.

Apr 30, 20268 min read
Industry Analysis

Open source security audits: what they cover

What an open source security audit actually covers versus routine SCA scanning, the frameworks that define it, real costs and timelines, and how Aikido Security's approach compares.

Apr 30, 20268 min read
industry-analysis — Safeguard Blog