research
Safeguard articles tagged "research" — guides, analysis, and best practices for software supply chain and application security.
9 articles
Go Toolchain Supply Chain Risks: 2025 Research
2025 research on Go toolchain supply chain risks: module proxy abuse, replace directive attacks, cgo linker vectors, and the hardening patterns Go shops should adopt.
Fine-Tune Backdoor Insertion: Academic Research
A senior engineer's review of academic research on fine-tune backdoor insertion, from BadNets to sleeper agents, and how the findings translate to production ML.
Nullcon Berlin 2026 Supply Chain Highlights
Nullcon Berlin 2026 delivered a dense European view of software supply chain research. Here are the themes and sessions that mattered most to defenders.
SBOM Quality Across Ecosystems: 2026 Report
The Safeguard Research team measured SBOM quality across ecosystems and generators. The gaps between formats, tools, and languages are larger than most teams assume.
Top 10 Riskiest Transitive Dependencies 2026
The Safeguard Research team built a risk index for transitive dependencies and ranked the ten categories that concentrate the most risk in modern stacks.
AI Code Assistant Package Hallucination Study
The Safeguard Research team measured how often AI coding assistants hallucinate non-existent packages, how sticky those hallucinations are, and what defenders should do.
Abandoned Dependency Risk Study
The Safeguard Research team measured how much abandonment exists in real dependency graphs, how it correlates with risk, and what to do about it.
Reachability Noise Reduction: Findings
The Safeguard Research team ran reachability analysis across a large corpus of real codebases. This is what we learned about which CVEs actually matter.
OSS Malware Trends Q1 2026 (Safeguard Research)
The Safeguard Research team analyzed first-quarter 2026 malicious package telemetry across npm, PyPI, RubyGems, and crates.io. Here is what the data shows.