post-quantum
Safeguard articles tagged "post-quantum" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Post-Quantum Signing: An Artifact Migration Plan
A concrete migration plan for artifact signing from ECDSA to ML-DSA and SLH-DSA, covering Sigstore, Notary, HSMs, and staged hybrid rollouts.
Post-Quantum Cryptography Migration for Software Supply Chains
NIST finalized ML-KEM, ML-DSA, and SLH-DSA in 2024. Here's what it means for Sigstore, package registry signing, TLS, and the harvest-now-decrypt-later problem.
Cryptographic Bill of Materials (CBOM): The Next Frontier
Post-quantum cryptography migration requires knowing what cryptographic algorithms your software uses. CBOMs provide that inventory. Here is what they are and why they matter.
Post-Quantum Cryptography Transition: A Practical Guide for Engineering Teams
NIST has finalized its post-quantum standards. Here's a hands-on guide for engineering teams beginning the migration from classical to quantum-resistant cryptography.
Quantum Computing and the Coming Cryptography Crisis in Supply Chains
Quantum computers threaten the cryptographic foundations of software supply chains. The time to prepare is now, not when quantum advantage arrives.